Nmap Development mailing list archives

Re: Google Search Appliance version script


From: Fyodor <fyodor () insecure org>
Date: Tue, 25 Jan 2011 21:50:24 -0800

On Sun, Jan 23, 2011 at 04:47:31PM -0500, Matt Selsky wrote:
> Attached is a script to grab version information from a Google Search Appliance via the "About" page.

Thanks for sending this.  I only had a couple minutes to read through
it, but I'll send some quick feedback anyway:

o It looks like this will make two HTTP requests to
  /EnterpriseController against every web server found.  Given that
  the vast majority of web servers are NOT Google Search Appliances,
  this might be too much overhead for a "default" script.  Can version
  detection already detect GSA?  If not, maybe new signatures could be
  added so it does?  If this script only performed the requests
  against GSA machines, it would be more suitable for the default
  category.  But if we took it out of default, I imagine that it often
  wouldn't get used even when it is going against a GSA server just
  because the user didn't know to enable the script.

o Another issue arises with single purpose scripts like this.  One
  could see this functionality being useful for all sorts of
  appliance-style devices, including my Linksys access points, printer
  web admin, etc.  Does it make sense to have individual scripts for
  each (meaning we could end up with dozens, hundreds, or thousands of
  them), or try to put all the detection functionality in one http
  discovery script?  I'm not sure.  Nessus and OpenVAS have tens of
  thousands of scripts because they tend to create a new script for
  every single obscure test rather than combine them into fewer, more
  powerful scripts.  Nmap, on the other hand, tends to have fewer but
  more complex scripts.  We've seen this issue in other recent script
  submissions such as eig.nse, which uses an HTTP request to check if
  the device reports itself as an "Electro Industries / Guagetech
  'Nexus' smart meter".  I'm not sure where to draw the line here or
  what the best policy is, but I figured it is worth raising the
  issue.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
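As an added illustration of the first point above (this is not Matt Selsky's submitted script nor Nmap's own code), the sketch below gates the /EnterpriseController request on what version detection (-sV) has already identified, so the HTTP requests are not sent to every web server. The product string "Google Search Appliance" in port.version.product and the version-parsing pattern are assumptions; real GSA signatures would have to be added to nmap-service-probes first.

```lua
description = [[
Reports the software version of a Google Search Appliance by fetching
/EnterpriseController. Runs only on ports that version detection has
already identified as a GSA, keeping overhead off ordinary web servers.
]]
author = "example (added illustration, not part of Nmap)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}

local http = require "http"
local nmap = require "nmap"
local shortport = require "shortport"
local string = require "string"

-- Assumption: a (hypothetical) service probe labels the product as
-- "Google Search Appliance". Without -sV, port.version.product is nil and
-- the rule returns false, so no requests are made to non-GSA hosts.
portrule = function(host, port)
  if not shortport.http(host, port) then
    return false
  end
  local product = (port.version and port.version.product) or ""
  return string.find(product:lower(), "google search appliance", 1, true) ~= nil
end

action = function(host, port)
  -- One request, only against hosts that passed the portrule above.
  local resp = http.get(host, port, "/EnterpriseController")
  if not resp or resp.status ~= 200 or not resp.body then
    return nil
  end
  -- Assumed page layout: a "Version: x.y.z" style string in the About page.
  local ver = resp.body:match("[Vv]ersion[^%d]*(%d[%d%.]+)")
  if not ver then
    return nil
  end
  -- Feed the result back into version detection output as well.
  port.version.version = ver
  nmap.set_port_version(host, port)
  return ("Google Search Appliance version %s"):format(ver)
end
```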
