Nmap Development mailing list archives

Re: Best practice for web vulnerability scripts?


From: George Chatzisofroniou <sophron () latthi com>
Date: Wed, 28 May 2014 18:44:32 +0300

On Wed, May 28, 2014 at 10:03:53AM -0500, Daniel Miller wrote: 
What about splitting http-enum and placing the vulnerability detection
portions into http-vuln (name subject to alteration)?

http-enum is enormous and slow (I often specifically avoid running it for
this reason, even when I want to run as many scripts as possible), and I
can see how someone might only want to check for known vulnerabilities.

There is http-enum.category option for limiting the checks to a certain type.
For vulnerability checks only, you can use the 'attacks' type. 

There is also the 'severity' field when declaring a vulnerability fingerprint.
Currently, this field is used nowhere, but I can guess that it was supposed to
limit the checks even more by setting a severity rating.

This could also allow some changes to the fingerprint "API" that could work
for vuln checks, like reducing some of the vuln library boilerplate with
new fields.

The fingerprints may differ according to their category already. For example,
the 'severity' field that I mentioned applies only on vulnerability
fingerprints.

I think the main reason for splitting the databases is for better arranging and
I'm fine with that.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
