Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] ms-sql scripts and library updates merged
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 29 Mar 2011 01:08:56 +0200

Den 2011-03-19 21.45 skrev Fyodor <fyodor () insecure org>:

On Sat, Feb 26, 2011 at 11:50:25PM +0100, Patrik Karlsson wrote:
Hi all,

I just merged the work Chris Woodbury and I have been doing on the
ms-sql branch.

This is exciting stuff!  But I'm noticed some unfortunate performance
characteristics in certain scans due to the way that ms-sql-discover
and ms-sql-info are in the "default" category and have hostrules which
basically match every host.  So say I want to scan for web servers and
run the default web-related scripts against them.  I might do:

./nmap --datadir . -p80 -Pn -n -v --open -T4 -sC scanme.nmap.org/24

This took 120 seconds in the run I just did.  But almost all of this
time is actually from ms-sql-*.  If I change -sC to "--script default
and not ms-sql-*" to exclude the sql scripts, it takes less than 7

I'm not sure of the best solution.  Options include:

o Remove these scripts from "default"

o Make mssql.SCANNED_PORTS_ONLY default behavior (so it looks at the
 port state of common ms-sql ports rather than trying to query all

o Or maybe there are other ways to make it more selective or faster?

What do you think?


Sorry for not getting back to you on this. As I haven't had the time to
come up with a better solution, I propose we remove it from default for
now. Anyone disagree?


Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]