Home page logo

nmap-dev logo Nmap Development mailing list archives

NSE output verbosity (p2p-conficker)
From: Fyodor <fyodor () insecure org>
Date: Wed, 3 Jun 2009 16:59:41 -0700

I was just going to send this to Ron, but then decided on nmap-dev
after my thoughts wandered a bit beyond the initial topic ...

I was just scanning my linux localhost (with Samba listening on 139)
and noticed in the default script output:

|  p2p-conficker: Checking for Conficker.C or higher...
|  | Check 1 (port 49055/tcp): CLEAN (Couldn't connect)
|  | Check 2 (port 28593/tcp): CLEAN (Couldn't connect)
|  | Check 3 (port 4348/udp): CLEAN (Failed to receive data)
|  | Check 4 (port 25691/udp): CLEAN (Failed to receive data)
|_ |_ 0/4 checks: Host is CLEAN or ports are blocked

Since the upcoming stable version of Nmap may be used for a long time,
I don't think we want this much output from p2p-conficker for a
default scan.  It should probably be changed to either only provide
output if a problem is found (or verbosity 2+), or it should probably
be removed from the default category.

Another idea is to make it easy for scripts to tell if they were
specified by name on the command line.  Then they could increase their
personal verbosity level a couple points.  That way the detailed
p2p-conficker results could only be printed if -vv or if the user
specified something like "--script p2p-conficker" on the command line,
but not for a default script scan.  The theory behind this is that
someone who specifies p2p-conficker on the command line is showing a
particular interest in that script and likely wants to see proof that
it has run, etc.  But someone who just gets p2p-conficker by default
is less likely to want an "all clean" report from every default

The immediate need is to do something about p2p-conficker, but the
latter idea might be a useful post-stable improvement.  If anyone else
wants to mention any scripts which could use output cleanup before the
stable release, now is your chance to speak up about them (or even
send a patch!)


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]