Nmap Development mailing list archives

Aleksandar's status report #11 of 17


From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Tue, 10 Jul 2012 01:13:40 +0200

Hi all,

during the last week, I've continued to work on
brute and unpwdb lib improvements, which are almost at an end, and
I'll soon send the patches to the mailing list for consideration.

Apart from that, I've written a metasploit-info script which uses
Metasploit's RPC service to gather info (post auth) about the remote
system. What is interesting about this one is that it implements
all the basic functions one would need to control Metasploit's basic
functionality, so it could be used to set up some kind of nmap->metasploit
interaction, although in a very crude way as it's not using an actual
msgpack library.

I've also checked out a few RAT tools and was hoping to find a way to get some
info from them (pre-auth) but no luck there.

Next on the agenda, for this week, are:
- http-slowloris script - it's been sitting in the ScriptIdeas page,
  unfinished, for quite some time, and I plan to test the existing
  script and finish it for inclusion
- smb-ms10-054 - write a vuln check script for this vulnerability.
  Although it's a DoS, it's a relatively recent vulnerability.

I guess we should start reducing the number of scripts in the "Solid
candidates" section :)


Aleksandar
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

