Nmap Development mailing list archives

Re: [NSE] ms-sql scripts and library updates merged
From: Fyodor <fyodor () insecure org>
Date: Sat, 19 Mar 2011 12:45:05 -0700

On Sat, Feb 26, 2011 at 11:50:25PM +0100, Patrik Karlsson wrote:
> Hi all,
>
> I just merged the work Chris Woodbury and I have been doing on the
> ms-sql branch.

This is exciting stuff!  But I've noticed some unfortunate performance
characteristics in certain scans due to the way that ms-sql-discover
and ms-sql-info are in the "default" category and have hostrules which
basically match every host.  So say I want to scan for web servers and
run the default web-related scripts against them.  I might do:

./nmap --datadir . -p80 -Pn -n -v --open -T4 -sC scanme.nmap.org/24

This took 120 seconds in the run I just did.  But almost all of this
time is actually from ms-sql-*.  If I change -sC to "--script default
and not ms-sql-*" to exclude the sql scripts, it takes less than 7

I'm not sure of the best solution.  Options include:

o Remove these scripts from "default"

o Make mssql.SCANNED_PORTS_ONLY default behavior (so it looks at the
  port state of common ms-sql ports rather than trying to query all

o Or maybe there are other ways to make it more selective or faster?

What do you think?

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
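To illustrate the second option above (matching only hosts where an ms-sql port was actually scanned and found open, instead of a hostrule that matches every host), here is an added NSE hostrule sketch. It is example code written for this page, not the mssql library's own SCANNED_PORTS_ONLY implementation; the port list is a constructed assumption.

```lua
local nmap = require "nmap"

-- Constructed list of ports to check; the real mssql library keeps its own.
-- 1433/tcp is the default SQL Server listener, 1434/udp the SQL Browser.
local MSSQL_PORTS = {
  { number = 1433, protocol = "tcp" },
  { number = 1434, protocol = "udp" },
}

-- Return true only if at least one of the ports above was part of the scan
-- and came back open or open|filtered. nmap.get_port_state() returns nil
-- when the port was not scanned at all, so a plain "-p80" scan yields nil
-- for every entry and the script is skipped on that host.
local function has_open_mssql_port(host)
  for _, p in ipairs(MSSQL_PORTS) do
    local port = nmap.get_port_state(host, p)
    if port and (port.state == "open" or port.state == "open|filtered") then
      return true
    end
  end
  return false
end

-- Selective hostrule: run per host, but only when the scanned port
-- states give a reason to, rather than probing every address.
hostrule = function(host)
  return has_open_mssql_port(host)
end

action = function(host)
  return "ms-sql port scanned and open on " .. host.ip
end
```

With this rule a web-only scan such as the "-p80 -sC" example above never triggers the script, while a scan that includes 1433/tcp or 1434/udp still does.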
