Nmap Development mailing list archives

Re: http-google-malware.nse - Script to check if host is known for distributing malware or being used in phishing attacks


From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 9 Jul 2011 07:50:00 +0200


On Jul 9, 2011, at 8:39 AM, Paulino Calderon wrote:

On 07/08/2011 04:25 PM, Henri Doreau wrote:
2011/7/8 Paulino Calderon <paulino () calderonpale com>:
I've added an argument to pass the API key from the command line and committed
this script as 'http-google-malware' r24749.

Hi Paulino,

I've just quickly read the script and it sounds good. I have a comment
concerning argument handling though. Wouldn't it be better to use
stdnse.get_script_args() instead of reading them from the registry?

In the secwiki entry[1] I also mentioned the "Symantec Norton safe
web" service. Just for information: do you have plans to add support
for this as well? Or is there an issue about it (like usage rules or
whatever...)?

Regards.

[1] https://secwiki.org/w/Nmap_Script_Ideas#http-malware-host


Well, to be honest, I don't know the difference between them. Fyodor didn't mention anything about it when we had code
reviews for this script or others, so I assumed they were both correct.

When I was researching our options for this script, I tested malware sites from
http://www.malwareblacklist.com/showMDL.php and Google's service detected a LOT more entries than Norton. Since
Symantec Norton also does not offer an API and we would have to parse HTML that could need updates in the future, I
decided to go with Google's API. Adding support for this service does have the advantage of not needing an API key, but
their database doesn't seem that good.

Cheers.

-- 
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Hi Paulino,

get_script_args offers at least two improvements over fetching arguments directly from the registry:
1. You don't need to set a value for "boolean" arguments, e.g. you can do --script-args script.showall instead of
--script-args script.showall=1
2. You can fetch multiple arguments using a single call, e.g.:
local mode, domains = get_script_args('dns-cache-snoop.mode', 'dns-cache-snoop.domains')

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77


