Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Default NSE Scripts
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 16 May 2008 18:46:31 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
On Fri, May 16, 2008 at 05:00:53PM -0500, Kris Katterjohn wrote:
I've removed the "Recursion not enabled" line from the script, and have
also removed it from Default list.  Sorry that one took so long :)

I think it may be worth keeping in the default list now that you've
removed the "not enabled" response.  Also, I just changed the DNS
query target in that script from isc.sans.org to www.wikipedia.org
since the latter is a bit less distinctive.


OK, I've added back to my list.  Thinking about it again, since the
version detection can potentially "waste" time on open|filtered ports,
the default script scan could understandably behave the same way since
they're both really in-depth.

* ircServerInfo - I don't think this is default material (but I'm also
  not an IRC user)

Well, it only runs if an IRC port is open and it then does discovery
for server information.  I'd suggest including it unless people think
the output is too verbose or not useful enough.


Running against irc.efnet.org gives me:

6666/tcp open  irc     syn-ack
|  IRC Server Info: Server: irc.blessed.net
|  Version: ircd-ratbox-3.0.0beta3(20080423_3-25265). irc.blessed.net
|  Servers/Ops/Chans/Users: 61/406/27994/59199
|  Lservers/Lusers: 1/1360
|  Uptime: 13 days, 6:41:47
|  Source host: adsl-074-182-015-130.sip.jan.bellsouth.net
|_ Source ident: NONE or BLOCKED

Which is quite verbose.  It too could be fixed up with nmap.verbosity(),
but I don't want to mess with it because I don't know what would be
interesting enough for IRC users :)

* zoneTrans - Just doesn't seem like default material IMO

I like this one too.  Many name servers still allow zone transfers to
anyone.  I succeeded in this just a few weeks ago.  The domain had 3
name servers and the first two failed to allow the transfer.  But the
third was a charm!


Sounds good to me.

Cheers,
-F

Thanks,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSC4c1f9K37xXYl36AQKXZRAAj4YqYkoPb8CcKeKkgAao7qz+Tzu4b8nu
yD7ec5eN0CkVpe+DHrOpyJwQSO9DFY/oTcxlUYTqEJth7eKASb/rHlZknowcxVM+
WOb/yRQlbHafbldpfVdqxF9hGPynNON6TNK7rBK1TJq4jHvReDBjqAtLdmh/jiBI
K1bwXhHIKBxmuqi7gzx/gxIoCxvAkzMu2qi1ayT8nQGb5odXEXKx0wbfHa1r0Scs
d9nkPjulZUkxX8Dx14LM05wJR0x4Yv1hqUJNVOCuUaxhzhffXPNAD0pqXvfIC2ec
/vus9kkqRPnBIyoIQB/RfaGa30yHwZvbChZMQhmrtAKlAb5bob2jgQJabwpyTvEu
unuwK9Q7/xUH4JbSLYeEbiqozbCTLn2iYp7pV38WmOt2dPv6LgIOayMEMOniOj55
++6AsTVGM0sm3UCOmFTkj0+2escs+EkIkKF1N1D1QvyoNKG+9QJgE8B8HJLwLyrG
TRm3YwiM15+gaEmaIBy0gIuwntnvMbHIDoR9hU0tLBbEUdzdULLrDIqwvJHVArn1
Uh3ET5fVMSn0L2Wr1jOPzV2GfOhQfQwiPuS683nMo3nQuIvX7/qr4omYWbK1rWaV
ga1s5cDK+M6h+pdseWQud9g+HGANqLVhjVIIXKUfifA1ED4Q8dkrT6A8Bx83gzT/
+1o62aiADOk=
=WcSk
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]