Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] ms-sql scripts and library updates merged
From: Chris Woodbury <woodbusy () gmail com>
Date: Tue, 29 Mar 2011 17:10:48 -0500

Sorry also for the long delay.

My vote is for taking Fyodor's option #3 and changing the host rule (patch
attached) so the script runs if
1) SQL Server instance discovery has already been performed and instances
were found
OR
2) One of the instance-targeting script args (e.g. mssql.instance-name) was
specified
OR
3) A SQL Server-related port (1434/udp, 1433/tcp, smb.get_port()) was
scanned and was not closed.
This keeps a pretty handy info-gathering script as a default when it's
applicable, but hopefully keeps it from running too often when it's not.

What are your thoughts?
-chris


On Mon, Mar 28, 2011 at 6:08 PM, Patrik Karlsson <patrik () cqure net> wrote:



Den 2011-03-19 21.45 skrev Fyodor <fyodor () insecure org>:

On Sat, Feb 26, 2011 at 11:50:25PM +0100, Patrik Karlsson wrote:
Hi all,

I just merged the work Chris Woodbury and I have been doing on the
ms-sql branch.

This is exciting stuff!  But I'm noticed some unfortunate performance
characteristics in certain scans due to the way that ms-sql-discover
and ms-sql-info are in the "default" category and have hostrules which
basically match every host.  So say I want to scan for web servers and
run the default web-related scripts against them.  I might do:

./nmap --datadir . -p80 -Pn -n -v --open -T4 -sC scanme.nmap.org/24

This took 120 seconds in the run I just did.  But almost all of this
time is actually from ms-sql-*.  If I change -sC to "--script default
and not ms-sql-*" to exclude the sql scripts, it takes less than 7
seconds.

I'm not sure of the best solution.  Options include:

o Remove these scripts from "default"

o Make mssql.SCANNED_PORTS_ONLY default behavior (so it looks at the
 port state of common ms-sql ports rather than trying to query all
 hosts)

o Or maybe there are other ways to make it more selective or faster?

What do you think?

Cheers,
Fyodor

Sorry for not getting back to you on this. As I haven't had the time to
come up with a better solution, I propose we remove it from default for
now. Anyone disagree?

//Patrik




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Attachment: ms-sql-info_hostrule.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]