Nmap Development mailing list archives

smb-check vulns improvements


From: Henri Doreau <henri.doreau () gmail com>
Date: Wed, 1 Aug 2012 09:36:28 +0200

Hi,

Some issues with smb-check-vulns.nse have been reported to me. Please find
attached a patch aiming to fix them by improving the output consistency of
the script.

By default (no --script-args) the script produces something like:
"""
Host script results:
| smb-check-vulns:
|   Conficker: UNKNOWN; got error No accounts left to try
|   regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
|   SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)
|   MS06-025: CHECK DISABLED (remove 'safe=1' argument to run)
|_  MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)
"""

wrongly assuming that safe=1 was passed in and not informing the user
about the ms08-067 check (disabled because unsafe too).

I've added a check for the 'unsafe' parameter in the ms08-067 related
function, and replaced the "remove 'safe=1'" messages with "add
--script-args=unsafe=1" to better match the default case.

I'm kind of hesitating to simply remove them from default output and
replace them by print_debug() statements wherever relevant. What do you
think?

Regards.

--
Henri

Attachment: smb-check-vulns_msg.diff

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
