Nmap Development mailing list archives
Re: Missing argument documentation 3
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 25 Jan 2013 06:35:30 -0600
I'd suggest putting jdwp-exec and jdwp-inject as "exploit," and possibly "intrusive." They are not "discovery," and I'm not entirely sure they are "safe," either. I've used Michael Scheirl's JavaPayload to do the same thing in the past, and though it did not crash the service, it doesn't work on all target applications (particularly WebLogic). Dan On Thu, Jan 24, 2013 at 12:41 PM, David Matousek <david () matousec com> wrote:
Well, I read there "This script abuses this to inject and execute a Java class file that executes the supplied shell command and returns its output.". This sounds kind of intrusive to me, but maybe not according to the definition of intrusive category. So, just suggesting a check of this. If you find it fitting then it is all OK. All best, David David Fifield wrote:On Thu, Jan 24, 2013 at 07:04:20AM +0100, David Matousek wrote:besides documentation issues in http-userdir-enum and http-vhosts scripts I have reported earlier, here are some more scripts with similar issues: ip-forwarding irc-botnet-channels jdwp-exec (+ this one is classified as safe + discovery ONLY, is that right?) jdwp-inject (+ this one is classified as safe + discovery ONLY, is that right?) Script stuxnet-detect.nse on line 22 is missing '<' character in first "</code>": -- <code>%h/code> replaced by the host's IP address, and <code>%v</code> Script wsdd-discover has this usage line in the documentation (and source code): sudo ./nmap --script broadcast-wsdd-discover seems like the script was renamed imperfectly ...Thanks, I've fixed these. What categories were you thinking for jdwp-exec and jdwp-inject? David Fifield _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Missing argument documentation David Matousek (Jan 13)
- Re: Missing argument documentation Paulino Calderon (Jan 14)
- Re: Missing argument documentation David Matousek (Jan 16)
- Re: Missing argument documentation Paulino Calderon (Jan 14)
- Re: Missing argument documentation David Fifield (Jan 14)
- Missing argument documentation 3 David Matousek (Jan 24)
- Re: Missing argument documentation 3 David Fifield (Jan 24)
- Re: Missing argument documentation 3 David Matousek (Jan 25)
- Re: Missing argument documentation 3 Daniel Miller (Jan 25)
- Re: Missing argument documentation 3 David Fifield (Jan 25)
- Re: Missing argument documentation 3 Daniel Miller (Jan 25)
- Missing argument documentation 3 David Matousek (Jan 24)
- Re: Missing argument documentation Paulino Calderon (Jan 14)
- Re: Missing argument documentation 2 David Fifield (Jan 16)
- Re: Missing argument documentation 2 David Matousek (Jan 17)