Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [Patch] Intensity for NSE version scripts
From: Patrick Donnelly <batrick () batbytes com>
Date: Wed, 16 Jul 2014 10:31:23 -0400

Hi Jay

On Wed, Jul 16, 2014 at 8:08 AM, Jay Bosamiya <jaybosamiya () gmail com> wrote:

I've been working on how to make NSE version scripts obey intensity
(i.e. similar to --version-intensity used for normal Nmap service probes).
Note: If the user specifies "script-intensity" in --script-args then
that is used as intensity; otherwise, the value of --version-intensity
is used.

I've come up with 2 methods for this:

Method 1: Using optional argument to shortport.version_port_or_service()
The optional rarity variable defaults to 7 if unspecified. The script
doesn't run when intensity < rarity.

Method 2: Using rarity field
This method involves adding a field (like author, license, dependencies
etc.) to version scripts. This rarity field is an optional field that
defaults to 7 if not specified. It does not let the script run if
intensity < rarity.

Another way to look at this is version-intensity is a type of script
selection where categories are appropriate. You could add a helper
function which adds "versionN" to the script's categories table
depending on the version script's intensity. Then the internal version
system would select the appropriate intensities  rather than just
"version" (although it should still select "version" for
compatibility). e.g.:

-sV --version-intensity 3

will cause the version engine to select: "version0,version1,version2,version3"

This has the benefit that we don't bother testing scripts which will
never run; since version intensity is statically set at startup, it
can't change during Nmap's execution.

That's just one other possibility. Of the two you gave, I like method
1 the best.

-- 
Patrick Donnelly
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]