Re: smb-check vulns improvements

[Henri Doreau <henri.doreau () gmail com>]

2012/8/1 Henri Doreau <henri.doreau () gmail com>:
> Hi,
>
> I've been reported some issues with smb-check-vulns.nse. Please find
> attached a patch aiming to fix them by improving output consistency of
> the script.
>
> By default (no --script-args) the script produces something like:
> """
> Host script results:
> | smb-check-vulns:
> |   Conficker: UNKNOWN; got error No accounts left to try
> |   regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
> |   SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add
> '--script-args=unsafe=1' to run)
> |   MS06-025: CHECK DISABLED (remove 'safe=1' argument to run)
> |_  MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)
> """
>
> wrongly assuming that safe=1 was passed in and not informing the user
> about the ms08-067 check (disabled because unsafe too).
>
> I've added a check for 'unsafe' parameter in the ms08-067 related
> function, and replaced the "remove 'safe=1'" messages by "add
> --script-args=unsafe=1" to better match the default case.
>
> I'm kind of hesitating to simply remove them from default output and
> replace them by print_debug() statements wherever relevant. What do you
> think?
>
> Regards.

Hi list,

got no feedback on this. I know that it'd be nicer to split the script
into several dedicated scripts (on script per vulnerability) but for
the time being I think the proposed changes make sense.

Any pro/con about this patch?


Regards.

-- 
Henri
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/