On Fri, Jun 10, 2011 at 11:21:00AM +1000, Brendan Coles wrote:
Version 0.2 is attached which implements the suggested changes.
A user count is provided, a reference to the full disclosure post was
and error handling was improved.
This looks good to me. Could someone commit it when possible?
The only thing that really stands out to me is the repeated code that
gets the configuration values--could that be transformed into a loop
over a table of variable names?
Perhaps it should run only if service detection finds a Barracuda
device? The benefits are that we could make this script default without
causing extra traffic to other types of web servers. The downside is
that we'll not detect a vulnerability if version detection fails. I
think there's something to be said for making scripts like this run by
default when they can be reasonably limited. Otherwise they may exist
but never get used except in special circumstances.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/