Re: [RFC] Improve NSE HTTP architecture.
From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 20 Jun 2011 11:39:13 +0100
On Mon, Jun 20, 2011 at 05:14:17AM -0400, Patrick Donnelly wrote:
> On Sun, Jun 19, 2011 at 4:09 PM, Djalal Harouni <tixxdz () opendz org> wrote:
>> On Thu, Jun 16, 2011 at 05:17:50PM -0700, Fyodor wrote:
>>> That would be easy to add, but I worry about what scripts would do
>>> with the information. For example, suppose we have http-enum do vuln
>>> checks if the 'vuln' category was selected. Well, then what if the
>>> user just specified script names specifically (which may or may not be
>>> in vuln category)? What if user specified --script=all? Maybe rather
>>> than try to reimplement the category selection functionality, the
>>> script(s) could be made to work with it. For example, if the shared
>>> work is done in a library anyway, maybe you could have a small
>>> http-enum-vuln script which users could enable by name or category or
>> Yes, another small script like http-enum-vuln, that will load 'vuln' or
>> 'exploit' fingerprints or matches, is a good solution; this way we avoid
>> the one-script-per-vuln, especially if that check is only 5 Lua
>> instructions. And loading fingerprints based on their categories should
>> be done by library code.
>> So I'll say: a script that will load the 'intrusive', 'exploit', 'dos'
>> and 'vuln' fingerprints and matches can be a popular script.
>> My main point on this is to use the same NSE categories, and not extra
>> categories like 'attack', etc.
>> The 'app' field in the fingerprint table can be used to identify the
> How about having each fingerprint get a single category. Then you can
> organize the fingerprints into separate http-fingerprint-<category>
Yes, http-fp-vuln, http-fp-discovery, http-fp-dos, http-fp-auth, etc.
But I'm not sure about the "each fingerprint get a single category". I
think that the 'vuln' and 'exploit' fingerprints can be in the same
http-fp-vuln file (I'm not sure).
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
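The thread's proposal, a library that loads HTTP fingerprints by their NSE category so that a small script such as http-fp-vuln can ask for just the 'vuln' and 'exploit' entries, is sketched below as an added example. It is not nmap's or the NSE http library's code, and none of the names in it (fp_lib, load_by_categories, run, the http-fp-* file keys, the fingerprint entries and the fake target) exist in nmap; they are assumptions made for the illustration. Only the category names are NSE's own. It is plain Lua and runs offline against a constructed responder.

```lua
-- Added example, not nmap/NSE code: a minimal "load fingerprints by
-- NSE category" library as discussed in the thread. All identifiers
-- here are hypothetical; only the category names are NSE's.

local fp_lib = {}

-- Constructed sample fingerprint "files", keyed like the proposed
-- http-fp-<category> split. Each entry records the NSE category it
-- belongs to plus a probe path and a simple status/body match. Note
-- that http-fp-vuln holds both 'vuln' and 'exploit' entries, the open
-- question raised at the end of the message.
fp_lib.files = {
  ["http-fp-discovery"] = {
    { category = "discovery", app = "phpMyAdmin",
      probe = { path = "/phpmyadmin/" },
      match = { status = 200, body = "phpMyAdmin" } },
  },
  ["http-fp-vuln"] = {
    { category = "vuln", app = "example-cms",
      probe = { path = "/admin/" },
      match = { status = 200, body = "admin console" } },
    { category = "exploit", app = "example-cms",
      probe = { path = "/admin/setup.php" },
      match = { status = 200, body = "setup wizard" } },
  },
}

-- Return the fingerprints whose category is in the wanted list. The
-- caller (e.g. a hypothetical http-fp-vuln script) decides the list,
-- so selection reuses NSE's categories rather than inventing new ones.
function fp_lib.load_by_categories(wanted)
  local want = {}
  for _, c in ipairs(wanted) do want[c] = true end
  local out = {}
  for _, entries in pairs(fp_lib.files) do
    for _, fp in ipairs(entries) do
      if want[fp.category] then out[#out + 1] = fp end
    end
  end
  -- pairs() order is unspecified; sort for a stable result.
  table.sort(out, function(a, b)
    return a.app .. a.probe.path < b.app .. b.probe.path
  end)
  return out
end

-- Run each probe against a target and return the fingerprints whose
-- status code and body substring both match. The target here is a
-- table standing in for HTTP responses; a real script would issue
-- requests instead.
function fp_lib.run(fps, target)
  local hits = {}
  for _, fp in ipairs(fps) do
    local r = target[fp.probe.path]
    if r and r.status == fp.match.status
       and r.body:find(fp.match.body, 1, true) then
      hits[#hits + 1] = fp
    end
  end
  return hits
end

-- Constructed fake target so the example runs offline.
local fake_target = {
  ["/phpmyadmin/"]    = { status = 404, body = "not found" },
  ["/admin/"]         = { status = 200, body = "example-cms admin console" },
  ["/admin/setup.php"] = { status = 403, body = "forbidden" },
}

-- What a small http-fp-vuln script would do: ask the library for the
-- 'vuln' and 'exploit' fingerprints only, then run them.
local fps = fp_lib.load_by_categories({ "vuln", "exploit" })
print(("loaded %d vuln/exploit fingerprints"):format(#fps))
for _, h in ipairs(fp_lib.run(fps, fake_target)) do
  print(("%s: %s (%s)"):format(h.category, h.app, h.probe.path))
end
```

The 'discovery' entry is never loaded or probed here, which is the point of the design: category selection happens once, in the library, and a script that only wants the intrusive checks never touches the rest of the fingerprint set.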