Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE Script] MySQL Server Information
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 18 Dec 2007 20:25:22 -0600

jah wrote:
I think that this thread is getting difficult to follow! ;)

 From my point of view I think it's clear that an ideal would be to have 
one script, which defaults to the "safe" mode of gathering information, 
but which can also be stepped-up to be more intrusive should the user 
require it.  Otherwise we'd have a brute-force script that did exactly 
the same as the info script (with, obviously, the bruting too) and that 
seems rather counter-intuitive.  Much better, I think, to have all the 
functionality in one script and a) not needlessly introduce code 
redundancy and b) not needlessly increase the amount of network activity 
in such cases (for example) where all scripts are run.

For now though the current script is very useful and stands alone.  In 
the future (and assuming that MySQLinfo is checked-in), it might be 
replaced with a script that increases the functionality, but behaves the 
same in it's default mode.

Yeah, that sounds good.  We can work with Thomas on the improved script; 
remember, it requires the SSL bindings.

For now though, if anybody thinks so and I'm given the go I'll commit 
the new script as-is.  Unless we have any other suggestions! :)

And here's a mad thought, there could be a complete overhaul of the 
script category framework which would allow a modifier category of some 

categories = {"safe", "discovery"}
modified-by = {"intrusive", "vulnerability"}

so that a script in the above categories would behave safely if a script 
scan called for safe and discovery scripts, but would behave more 
intrusively if a scan called for intrusive and vulnerability scripts.

hmmmmm, what thinketh youeth?

That sounds like a really cool idea


Kris Katterjohn

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]