Re: [RFC] Factor out ftp bounce scan
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 10 Dec 2013 20:29:04 -0600
I found a few servers on the Internet via scans.io (a great resource!)
to test, and this patch at least preserves the existing behavior. The
code could use a lot of work, and I think that moving it to an NSE
script would be a good move, even without direct "port scanning".
After my testing, I merged this in r32558. The code could use a lot of
work; it doesn't work with a few servers I found that ftp-bounce.nse
says are vulnerable (could be a bug in both programs), nor with some
that give obviously different responses for closed vs open ports.
On Fri, Dec 6, 2013 at 3:55 AM, Henri Doreau <henri.doreau () gmail com> wrote:
> 2013/12/6 Daniel Miller <bonsaiviking () gmail com>:
>> The attached patch factors out FTP Bounce scan from the various files
>> it resided in (nmap.h, nmap.cc, scan_engine.cc, global_structures.h)
>> into nmap_ftp.h and nmap_ftp.cc.
>> The purpose is to make it easier to convert this functionality to some
>> more-appropriate implementation such as NSE (if NSE-based port
>> scanning is ever committed). At the very least, it de-clutters some
>> core files. Your thoughts and testing are much appreciated.
> I'd first need to find a suitable server to test the patch against
> (are there still some??) but the idea sounds excellent to me, and so
> does the patch at first sight.
> I have no time to work on NSE-based port scanning at the moment but
> the patch still lies in nmap-exp/henri, and I can provide some help if
> someone is interested in reviving it. I still believe that this would
> have great potential.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
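As an added illustration of the exchange a bounce scan relies on (example code written for this page, not Nmap's nmap_ftp.cc or ftp-bounce.nse): the scanner logs in to the FTP server, sends a PORT command naming the target host and port instead of its own address, then issues LIST and reads the reply to learn whether the server could reach that port. The reply-to-state mapping used here (150 or 226 means open, 425 means closed, anything else is kept as "unknown" so that servers which answer differently are visible rather than silently misclassified) follows the RFC 959 reply conventions and is an assumption of this example, not a statement of what Nmap does. StubFtpServer, bounce_probe and bounce_scan are names invented for this example, and the server stand-in is a constructed in-memory object so the block runs offline; against a live server the same command strings go down the control connection.

```python
"""FTP bounce port probe, as an added example (not Nmap code).

The FTP server is replaced by a constructed in-memory stub so the
exchange can be run and inspected without network access.
"""
from typing import Dict, Iterable, Set, Tuple

# Reply codes treated as evidence about the data connection the server
# tried to open towards the target (assumed mapping, per RFC 959 usage).
OPEN_CODES = {"150", "226"}
CLOSED_CODES = {"425"}


def encode_port_arg(ip: str, port: int) -> str:
    """Build the RFC 959 PORT argument h1,h2,h3,h4,p1,p2 for ip:port."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("need a dotted-quad IPv4 address")
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def decode_port_arg(arg: str) -> Tuple[str, int]:
    """Inverse of encode_port_arg; raises ValueError on malformed input."""
    fields = [int(x) for x in arg.split(",")]
    if len(fields) != 6 or any(not 0 <= f <= 255 for f in fields):
        raise ValueError("bad PORT argument")
    return ".".join(str(f) for f in fields[:4]), (fields[4] << 8) | fields[5]


class StubFtpServer:
    """Constructed stand-in for an FTP server (hypothetical, for this example).

    `reachable` is the set of (host, port) pairs the server can connect to
    from its own vantage point. `accepts_third_party` models whether it
    honours a PORT for an address other than the client's; a server that
    refuses cannot be bounced. `closed_reply` lets the stub imitate servers
    that answer something other than 425 when the connection fails.
    """

    def __init__(self, reachable: Iterable[Tuple[str, int]],
                 accepts_third_party: bool = True,
                 closed_reply: str = "425 Can't build data connection: Connection refused."):
        self.reachable: Set[Tuple[str, int]] = set(reachable)
        self.accepts_third_party = accepts_third_party
        self.closed_reply = closed_reply
        self.data_target = None

    def command(self, line: str) -> str:
        """Return the control-channel reply to one FTP command line."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            return "331 Please specify the password."
        if verb == "PASS":
            return "230 Login successful."
        if verb == "PORT":
            if not self.accepts_third_party:
                return "500 Illegal PORT command."
            try:
                self.data_target = decode_port_arg(arg)
            except ValueError:
                return "501 Syntax error in parameters or arguments."
            return "200 PORT command successful."
        if verb == "LIST":
            if self.data_target is None:
                return "425 Use PORT or PASV first."
            if self.data_target in self.reachable:
                # A successful data connection yields a 150 then a 226.
                return "150 Here comes the directory listing.\r\n226 Directory send OK."
            return self.closed_reply
        return "502 Command not implemented."


def bounce_probe(server: StubFtpServer, target_ip: str, port: int) -> str:
    """Ask the server to open a data connection to target_ip:port and
    classify the reply as open, closed or unknown."""
    reply = server.command("PORT " + encode_port_arg(target_ip, port))
    if not reply.startswith("200"):
        raise RuntimeError("server refused third-party PORT, cannot bounce: " + reply)
    reply = server.command("LIST")
    code = reply[:3]
    if code in OPEN_CODES:
        return "open"
    if code in CLOSED_CODES:
        return "closed"
    return "unknown"  # surface odd replies instead of guessing


def bounce_scan(server: StubFtpServer, target_ip: str,
                ports: Iterable[int]) -> Dict[int, str]:
    """Anonymous login followed by one bounce probe per port."""
    server.command("USER anonymous")
    if not server.command("PASS bounce@example.invalid").startswith("230"):
        raise RuntimeError("anonymous login failed")
    return {p: bounce_probe(server, target_ip, p) for p in ports}


if __name__ == "__main__":
    # Constructed scenario: from the FTP server, 10.0.0.5 has 22 and 80 open.
    srv = StubFtpServer(reachable={("10.0.0.5", 22), ("10.0.0.5", 80)})
    print(bounce_scan(srv, "10.0.0.5", [22, 25, 80]))
```

The stub is where the thread's two failure modes show up: a server built with accepts_third_party=False makes bounce_probe raise before any port is tested, and one built with a non-425 closed_reply produces "unknown" for closed ports, which is the kind of reply a scanner has to handle explicitly rather than fold into open or closed.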