mailing list archives
Re: version detection guideline
From: David Fifield <david () bamsoftware com>
Date: Mon, 18 Apr 2011 14:46:32 -0700
On Sat, Apr 09, 2011 at 06:55:37PM +0300, Toni Ruottu wrote:
Should all scripts do version detection?
At some point I was told that any script that runs into version
information should record that information. There are somethings here
too that are unclear to me. If I write a script that produces serious
output but also records version information, should I then include
that script to the version category. I have understood that you should
not, because the version scripts get enabled automatically when the
user executes a service scan, and the user is not expecting to see
script output. Some scripts that produce output seem to currently be
in the version category, but maybe this is an error.
On the other hand if those scripts are not supposed to be in the
version category, then the problem is that the user does not see the
version results when he does a version scan. Thus to achieve best
results for version scanning the user always needs to do script scans,
and then remove the script output from the results, if he is not
interested in them.
Personally I don't care much if a version script also produces output.
Any script that finds version information should set it with
set_port_version, whether running -sV or not. I just don't see any
reason not to.
If it bothers people to see script output with -sV, we can just avoid
printing script output when !o.scriptscan, like we avoid printing
service information without -sV currently.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/