Re: General Webdav NSE script and the new IIS6 vulnerability
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 19 May 2009 16:40:45 -0500
> But that security-basics thread also highlighted an old, more general
> Webdav script from Kris which some people were using to help find
> potentially vulnerable systems (those with IIS6+WebDAV enabled):
It's good to see people using a script I wrote but completely forgot about,
especially when I can see code comments I don't remember like "'OPTIONS *' may
seem like a good idea (it did to me), but it blows" :-)
Upon first glance it appears that the script hosted on ack-rst is the same as
the one I originally posted to nmap-dev, aside from them copying part of my
email into the description field:
> So my questions are:
> 1) What is the status of this script? Is it ready to be cleaned up
>    and integrated? I suppose it would need NSEDoc comments, but is
>    there anything else missing or restructuring needed? Maybe Kris
>    can let us know his thoughts on this.
I haven't been able to really keep up with recent NSE stuff, but here's what I
see that needs to be looked at:
1) NSEDoc stuff, as you said
2) I think the id field needs removing
3) License text needs updating
4) Possibly recategorized, but Discovery seems fine for now
All but #1 should be incredibly simple since they're just minor changes.
> 2) Do people want this script in Nmap? Anyone want to test it out and
>    report back to nmap-dev how it worked for you, whether it would be
>    useful for you going forward, and any suggestions you might have
>    for improving it?
I'd love to hear any feedback on this!
It can probably be improved, but unfortunately my Lua is worse now than when I
wrote that script way back when.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org