Nmap Development mailing list archives

Re: Gyani's Status Report - #9 of 17


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 29 Jun 2015 10:24:39 -0500

List,

To make up for some of Gyani's brevity on account of his connectivity
issues, I'd like to expand on a couple of these exciting items:

On Mon, Jun 29, 2015 at 9:59 AM, Gyanendra Mishra <anomaly.the () gmail com>
wrote:

 * Solved #115 - The script doesn't calculate scores and warnings wherever
ssl is required; also you won't see the error logs if you run with -d
and don't have ssl.


The ssl-enum-ciphers script has become one of the de-facto standard ways of
testing an SSL/TLS deployment, ranking near the top with sslscan and Qualys
SSL Labs. This update allows the script to be mostly useful for users who
choose to compile without OpenSSL support. Scores are not listed for most
ciphersuites whose strength is based on the server certificate, but the
ciphersuites are still enumerated, DH parameters checked, and some warnings
issued for misconfigurations.



 * Wrote a first draft for auto auth; requires user-supplied args
http.username and http.password and allows NTLM, Digest and Basic. I would
suggest that you guys don't change your http.lua :P as this one is probably
very buggy. Couldn't test much because of no connectivity.[1] I didn't write
over my http.lua as it had working and tested support for NTLM and didn't
want this version to mess it up. I guess I should make another folder in
nmap-exp/gyani called "probably buggy" :P.


I am really excited for this. The http.lua library is used in 130 NSE
scripts, and auto-auth would enable many of those scripts to extend to
reach deeper into authentication-protected services. Some potential
use-cases:

* Run http-brute to break into a service and then use the discovered
credentials to run http-grep looking for sensitive information inside.
* Provide Windows domain credentials via --script-args-file and then use
http-title to get the title of all NTLM-auth-protected web services on an
internal network (NTLM auth was added by Gyani last week, and will be
committed soon, pending a little further testing and review).


 * Added parsing for the SMB response for Linux versions; my system is
Ubuntu 14.04 and it returns Unix (Samba 4.1.6-Ubuntu). Some more version
strings provided by you guys would be awesome to test.[2]


The osinfo.lua library will provide automatic OS name and version
canonicalization based on version strings and build numbers that are found
in various service banners. We do a lot of this in nmap-service-probes, but
this should help scripts to report discovered OSes in a standardized way.

Dan
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
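As an added illustration of the banner canonicalization described in the message (this is example code written for this archive page, not osinfo.lua or any other Nmap code, and nothing here reflects the library's actual API): a small Lua table of patterns that maps a service banner to a fixed-shape table of OS name, version and build. The "Unix (Samba 4.1.6-Ubuntu)" banner is the one quoted above; the other sample banners, the pattern list and the output format are assumptions made for the example.

```lua
-- Added example, not Nmap/osinfo.lua code: canonicalize OS name/version
-- from service banners. Patterns and sample banners other than the quoted
-- Samba one are constructed for this example.

local unpack = table.unpack or unpack  -- Lua 5.1 vs 5.2+ compatibility

-- Ordered rules: {Lua pattern, function(captures...) -> canonical table}.
-- The first matching rule wins, so more specific patterns come first.
local rules = {
  -- "Unix (Samba 4.1.6-Ubuntu)": the suffix after the dash names the distro
  { "Samba ([%d%.]+)%-(%a+)",
    function(ver, distro)
      return { os = distro, app = "Samba", version = ver }
    end },
  -- "Unix (Samba 3.6.25)" (constructed): no distro suffix, only "Unix" known
  { "Samba ([%d%.]+)",
    function(ver)
      return { os = "Unix", app = "Samba", version = ver }
    end },
  -- "Windows Server 2012 R2 Standard 9600" (constructed): trailing build number
  { "Windows (.-) (%d%d%d%d+)$",
    function(edition, build)
      return { os = "Windows", edition = edition, build = build }
    end },
}

-- Parse one banner. Returns a canonical table, or nil when no rule matches,
-- so a calling script can fall back to printing the raw banner.
local function parse_banner(banner)
  for _, rule in ipairs(rules) do
    local captures = { banner:match(rule[1]) }
    if #captures > 0 then
      return rule[2](unpack(captures))
    end
  end
  return nil
end

-- Render the canonical table in one fixed order, so every script that
-- consumes it reports the same string regardless of the banner's own layout.
local function format_osinfo(info)
  if not info then return "unknown" end
  local parts = { info.os }
  if info.edition then parts[#parts + 1] = info.edition end
  if info.app and info.version then
    parts[#parts + 1] = string.format("(%s %s)", info.app, info.version)
  end
  if info.build then parts[#parts + 1] = "build " .. info.build end
  return table.concat(parts, " ")
end

-- Sample banners: the first is quoted in the message, the rest are constructed.
local samples = {
  "Unix (Samba 4.1.6-Ubuntu)",
  "Unix (Samba 3.6.25)",
  "Windows Server 2012 R2 Standard 9600",
  "SomeVendor Embedded 1.0",   -- no rule matches; reported as unknown
}

for _, banner in ipairs(samples) do
  print(string.format("%-40s -> %s", banner, format_osinfo(parse_banner(banner))))
end
```

Adding support for a new banner family is a matter of appending one rule; because the output table always has the same fields, the reporting side of a script does not need to change when the rule list grows.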