mailing list archives
Re: [NSE] ip-geolocation
From: Fyodor <fyodor () insecure org>
Date: Tue, 28 Jun 2011 20:53:04 -0700
On Tue, Jun 28, 2011 at 04:57:54PM -0700, Fyodor wrote:
On Tue, Jun 28, 2011 at 04:46:17PM -0700, Fyodor wrote:
On Tue, Jun 14, 2011 at 02:36:48PM +0200, Gorjan Petrovski wrote:
Hi Gorjan. The ip-geolocation-quova includes three API keys that you
apparently got by free registration. When you registered, did it make
"secret_codes" in Nmap violate their terms?
Even if we keep the API keys in there, the script should have an NSE
argument for people to give their own keys instead. Can you add that
and document it in the NSEDoc?
These questions and the suggestion applies to the
ip-geolocation-infodb database too.
We needed to build a release, so David and I looked into this.
Quova's makes you agree to their TOS in order to get an API key, and
their TOS seems to pretty clearly ban this sort of usage
(http://developer.quova.com/apps/tos). So we had to delete the script
for now. Gorjan: Can you write them and ask for permission to use it
in Nmap? They'll probably say no or ask for money (which means no in
the case of a free tool like Nmap), but it doesn't hurt to ask. If
they say no or don't answer, then we'll have to make it so that the
script requires the user to input an API key as an NSE arg or by
modifying the .nse.
IPInfoDB, on the other hand, doesn't seem to have a clear policy
against this. It didn't make me agree to anything when I tried
registering. But would you (Gorjan) write to them and ask permission
anyway? I've kept the script in for now, but we should do the same as
Quova (require the user to provide a key) if IPInfoDB says that we
can't redistribute a key in our script.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/