Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: showHTMLTitle.nse PANIC bug on windows - Title got truncated!
From: Fyodor <fyodor () insecure org>
Date: Tue, 13 Nov 2007 18:00:18 -0800

On Fri, Nov 09, 2007 at 01:40:33PM -0600, gabriel () gsource org wrote:
Running 4.22SOC8 on WinXP, i eventually get this response.


Initiating Parallel DNS resolution of 150 hosts. at 13:22
Completed Parallel DNS resolution of 150 hosts. at 13:22, 6.53s elapsed
SCRIPT ENGINE: Initiating script scanning.
Initiating SCRIPT ENGINE at 13:22
SCRIPT ENGINE Timing: About 17.02% done; ETC: 13:25 (0:02:26 remaining)
SCRIPT ENGINE DEBUG: showHTMLTitle.nse: Title got truncated!
SCRIPT ENGINE Timing: About 34.04% done; ETC: 13:25 (0:01:56 remaining)
PANIC: unprotected error in call to Lua API (C:\Program
Files\Nmap\scripts\showH
TMLTitle.nse:32: bad argument #3 to 'connect' (Sorry, you don't have
OpenSSL.))

C:\temp>

Hi Gabriel.  Thanks for the report.  I can reproduce this by script
scanning an SSL scanner from Windows (e.g. "nmap -p443 -P0 -sC -d
www.amazon.com").  One difference though is that my Nmap doesn't
crash--just that script bails out.  Presumably the same thing would
happen on Unix if compiled --without-openssl.

I think the script (showHTMLTitle.nse) just needs to be modified to
skip ssl servers if OpenSSL is not available.  Does anyone have an
idea for the best way to do this?  Perhaps there should be (or already
is?) a way to query for this information.  Or maybe the script just
needs to look for tye "you don't have OpenSSL" error from
socket:connect().

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]