Nmap Development mailing list archives

Re: [RFC] Improve NSE HTTP architecture.
From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 20 Jun 2011 11:39:13 +0100

On Mon, Jun 20, 2011 at 05:14:17AM -0400, Patrick Donnelly wrote:
> On Sun, Jun 19, 2011 at 4:09 PM, Djalal Harouni <tixxdz () opendz org> wrote:
> > On Thu, Jun 16, 2011 at 05:17:50PM -0700, Fyodor wrote:
> > > That would be easy to add, but I worry about what scripts would do
> > > with the information.  For example, suppose we have http-enum do vuln
> > > checks if the 'vuln' category was selected.  Well, then what if the
> > > user just specified script names specifically (which may or may not be
> > > in vuln category)?  What if user specified --script=all?  Maybe rather
> > > than try to reimplement the category selection functionality, the
> > > script(s) could be made to work with it.  For example, if the shared
> > > work is done in a library anyway, maybe you could have a small
> > > http-enum-vuln script which users could enable by name or category or
> > > whatever.
> > Yes, another small script like http-enum-vuln that will load 'vuln' or
> > 'exploit' fingerprints or matches is a good solution; this way we avoid
> > the one-script-per-vuln, especially if that check is only 5 Lua
> > instructions. And loading fingerprints based on their categories should
> > be done by library code.
> > So I'll say: a script that will load the 'intrusive', 'exploit', 'dos'
> > and 'vuln' fingerprints and matches can be a popular script.
> >
> > My main point on this is to use the same NSE categories, and not extra
> > categories like 'attack', etc.
> > The 'app' field in the fingerprint table can be used to identify the
> > application type.
>
> How about having each fingerprint get a single category. Then you can
> organize the fingerprints into separate http-fingerprint-<category>
> scripts:
>
> http-fingerprint-intrusive
> http-fingerprint-discovery
> http-fingerprint-vuln
Yes, http-fp-vuln, http-fp-discovery, http-fp-dos, http-fp-auth, etc.

But I'm not sure about the "each fingerprint get a single category". I
think that the 'vuln' and 'exploit' fingerprints can be in the same
http-fp-vuln file (I'm not sure).

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
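The category-driven loading discussed in this thread, as an added illustration that is not code from the thread, from the poster, or from Nmap itself: a constructed fingerprint table whose entries carry a list of NSE categories plus an 'app' field naming the application type, and a hypothetical library function load_fingerprints that a small per-category script such as http-fp-vuln or http-fp-discovery would call with its own category list instead of reimplementing NSE's category selection. The field names (categories, app, probes, matches), the function name and the sample paths are all assumptions, not the real http-fingerprints.lua layout.

```lua
-- Added illustration, not code from the thread or from Nmap. The table
-- layout (categories, app, probes, matches) and the function name
-- load_fingerprints are assumptions for this example only.

-- Constructed fingerprint table. Each entry lists the NSE categories it
-- belongs to, so 'vuln' and 'exploit' entries can live in the same file
-- as 'discovery' entries and still be selected separately.
local fingerprints = {
  {
    app = "example-app",
    categories = { "discovery" },
    probes = { { path = "/example-app/" } },
    matches = { { match = "Example App", output = "Example App front page" } },
  },
  {
    app = "example-app",
    categories = { "vuln", "intrusive" },
    probes = { { path = "/example-app/setup/" } },
    matches = { { match = "Setup", output = "Example App setup page reachable" } },
  },
  {
    app = "other-app",
    categories = { "exploit", "intrusive" },
    probes = { { path = "/other-app/debug/" } },
    matches = { { match = "Debug", output = "Other App debug page reachable" } },
  },
}

-- Turn a list of category names into a set for cheap membership tests.
local function to_set(list)
  local set = {}
  for _, v in ipairs(list) do set[v] = true end
  return set
end

-- Library-side selection: keep only fingerprints that belong to at least
-- one wanted category, optionally restricted to a single 'app'. The small
-- http-fp-<category> scripts would each call this with their own list.
local function load_fingerprints(all, wanted, app)
  local want = to_set(wanted)
  local selected = {}
  for _, fp in ipairs(all) do
    if app == nil or fp.app == app then
      for _, cat in ipairs(fp.categories) do
        if want[cat] then
          selected[#selected + 1] = fp
          break -- one matching category is enough
        end
      end
    end
  end
  return selected
end

-- What http-fp-vuln would load: the 'vuln' and 'exploit' entries.
local vuln_fps = load_fingerprints(fingerprints, { "vuln", "exploit" })
assert(#vuln_fps == 2)

-- What http-fp-discovery would load: the non-intrusive entry only.
local disc_fps = load_fingerprints(fingerprints, { "discovery" })
assert(#disc_fps == 1 and disc_fps[1].app == "example-app")

-- Restricting by 'app' narrows the selection further.
local other_only = load_fingerprints(fingerprints, { "vuln", "exploit" }, "other-app")
assert(#other_only == 1 and other_only[1].app == "other-app")

for _, fp in ipairs(vuln_fps) do
  print(fp.app, table.concat(fp.categories, ","), fp.probes[1].path)
end
```

Because the filter is a plain function over the table, the choice between one file per category and one shared file with multi-category entries becomes a packaging decision rather than a code change: either way the per-category script only ever sees the entries it asked for.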