Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Default NSE Scripts
From: Fyodor <fyodor () insecure org>
Date: Mon, 12 May 2008 12:57:12 -0700

On Fri, May 09, 2008 at 05:17:44PM -0500, Kris Katterjohn wrote:
* SSLv2-support - Produces quite a bit of output, and doesn't seem
useful enough for default

I decided to take a look at an example:

#nmap -PN --script SSLv2-support.nse amazon.com

Starting Nmap 4.62 ( http://nmap.org ) at 2008-05-12 12:41 PDT
Warning: Hostname amazon.com resolves to 3 IPs. Using
Interesting ports on 206-5.amazon.com (
Not shown: 1713 filtered ports
80/tcp  open  http
443/tcp open  https
|  SSLv2: server still supports SSLv2
|       SSL2_DES_192_EDE3_CBC_WITH_MD5
|       SSL2_IDEA_128_CBC_WITH_MD5
|       SSL2_RC2_CBC_128_CBC_WITH_MD5
|       SSL2_RC4_128_WITH_MD5
|       SSL2_RC4_64_WITH_MD5
|       SSL2_DES_64_CBC_WITH_MD5
|       SSL2_RC2_CBC_128_CBC_WITH_MD5
|_      SSL2_RC4_128_EXPORT40_WITH_MD5

Nmap done: 1 IP address (1 host up) scanned in 19.527 seconds

While the first line ("SSLv2: server still supports SSLv2") looks
useful and reasonable, I'm not sure the rest clears the bar for data
which should be printed by default.  Every Nmap output line is
precious, because if we flood people with low-value/debugging
information, they may miss something important.

Does anyone have concrete reasons why it is important to enumerate the
full list of supported SSL2 ciphers?  If not, I suggest that we change
the script to only print those in debugging mode or when verbosity
level is at least 2.  With that change, I think it is reasonable to
keep the script default.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]