Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Some scripts for analyzing NetBus
From: Fyodor <fyodor () insecure org>
Date: Fri, 14 Jan 2011 00:45:42 -0800

On Thu, Dec 30, 2010 at 02:37:38PM +0200, Toni Ruottu wrote:
The scripts store a password in nmap.registry.netbuspassword. This won't
work if more than host with different passwords is scanned at the same
time. You should make this indexed by IP address and port number.

Is string.format("%s:%d", host.ip, port.number) always unique and a
valid key, or is there some advanced library function for serializing
the host information? E.g. what would happen if the host was IPv6?

When you add that and the <empty> thing David mentioned, could you
also add an NSE script argument for specifying the Netbus password for
scripts like netbus-info?  That way users don't need to use
netbus-brute every time.  It would then need @args to be documented in
the NSEDoc section.  See Patrik's informix-query (among many other
scripts which do this) for an example of passing the authentication in
a script arg.  And would you add a @usage section to the scripts where
the default generated by our NSEDoc renderer "nmap -sV
--script=[scriptname] <target>" isn't ideal or informative enough?

I'm glad the new Nmap release will have some old school protocols like
Gopher and Netbus thanks to your scripts :).

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]