Nmap Development mailing list archives
Re: "version" scripts running after successful version detection
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Tue, 17 Jul 2012 04:03:27 +0300
I suppose a version script could be more accurate than a probe. Some version scripts also produce other results, at least if script scan is enabled too. This makes me think that disabling version scripts for identified services seems risky. On Tue, Jul 17, 2012 at 3:58 AM, David Fifield <david () bamsoftware com> wrote:
I notice that the script http-huawei-hg5xx-vuln is running for every -sV scan that finds an HTTP port. It's adding things to HTTP logs that look like this: 127.0.0.1 - - [16/Jul/2012:17:52:18 -0700] "GET /nmaplowercheck1342486338 HTTP/1.1" 404 0 "" "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)" 127.0.0.1 - - [16/Jul/2012:17:52:18 -0700] "GET /Listadeparametros.html HTTP/1.1" 404 0 "" "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)" The script is running because it belongs to the "version" category. This is happening even when normal version scan finds a match. I had thought that NSE would not run "version" scripts for services that already have a match, but that appears not to be the case. The sample script at http://nmap.org/book/nse-vscan.html#nse-skypev2-script does this check in the portrule; are all scripts supposed to check in this way? In any event, it seems we shouldn't be running this script as often as it is being run. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- "version" scripts running after successful version detection David Fifield (Jul 16)
- Re: "version" scripts running after successful version detection Toni Ruottu (Jul 16)
- <Possible follow-ups>
- Re: "version" scripts running after successful version detection Paulino Calderon (Jul 16)
- Re: "version" scripts running after successful version detection Daniel Miller (Jul 16)
- Re: "version" scripts running after successful version detection David Fifield (Jul 17)
- Re: "version" scripts running after successful version detection Daniel Miller (Jul 16)
- Re: "version" scripts running after successful version detection Paulino Calderon (Jul 16)