mailing list archives
Re: do we really need all these SNMP scripts?
From: Rob Nicholls <robert () robnicholls co uk>
Date: Sat, 05 Feb 2011 21:43:18 +0000
On Sat, 5 Feb 2011 22:10:06 +0100, Patrik Karlsson wrote:
I don't see the point of implementing a replacement of the snmpwalk
or osql commands as NSE scripts as I would much rather use the
original tools to perform their tasks.
I'm lazy/efficient. If I can get Nmap to do everything (or at least
most things), I don't have to worry about having all of these disparate
tools installed to do the same thing, or having to try and read/parse
the output (Nmap's XML output is valid, stable, reliable, useful).
Plus I can do things like use snmp-brute to identify the community
string and then use the other scripts (including potentially an
snmp-walk script if one were developed) to grab the data without having
to run separate programs and manually (or write a script to) pass data
between them. It's also typically easier to get output out of Nmap's XML
file than parse the output from these different programs (which could,
although they typically don't, change).
If you start going down the route of "use the original tools", then we
could rule out several of the existing scripts (http-enum.nse or
nikto.pl; snmp-interfaces.nse or snmp_ifaces.nasl or Getif; ssl-enum.nse
or thcsslcheck or ssl_supported_ciphers.nasl; smb-* or enum.exe). I'm
really glad we have them though (and in many cases they're more reliable
and can support IPv6). But on the flip side, I agree that we shouldn't
focus on creating scripts when there are already perfectly good
alternatives. If someone happens to develop and submit them, or wants
to, then great. I'm not going to discourage them. But I'd still prefer
to see NSE scripts that do things that aren't - or can't be - done by
Again, just my late night thoughts :)
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/