On Thu, Jun 16, 2011 at 05:17:50PM -0700, Fyodor wrote:
> That would be easy to add, but I worry about what scripts would do
> with the information. For example, suppose we have http-enum do vuln
> checks if the 'vuln' category was selected. Well, then what if the
> user just specified script names specifically (which may or may not be
> in vuln category)? What if user specified --script=all? Maybe rather
> than try to reimplement the category selection functionality, the
> script(s) could be made to work with it. For example, if the shared
> work is done in a library anyway, maybe you could have a small
> http-enum-vuln script which users could enable by name or category or

Yes, another small script like http-enum-vuln, that will load 'vuln' or
'exploit' fingerprints or matches, is a good solution; this way we avoid
the one-script-per-vuln, especially if that check is only 5 Lua
instructions. And loading fingerprints based on their categories should
be done by library code.
So I'll say: a script that will load the 'intrusive', 'exploit', 'dos'
and 'vuln' fingerprints and matches can be a popular script.
My main point on this is to use the same NSE categories, and not extra
categories like 'attack', etc.
The 'app' field in the fingerprint table can be used to identify the