Nmap Development mailing list archives
Re: LUA Script Ideas
From: Martin Mačok <martin.macok () underground cz>
Date: Mon, 31 Jul 2006 12:43:51 +0200
Some quick ideas...

1) Rip information from SSL (CNAME, CA/self-signed, expiration...), check what SSL versions are supported and what ciphers can be negotiated (including NULL "ciphers").
2) Detect ISAKMP and check what authentication methods are available, also check for Aggressive mode...
3) Integrate general proxy scanning support with LUA (?) ... something like "if you find something that could be abused as a scanner proxy, automagically try to scan private networks through it" or at least "test if it is abusable"
4) gather useful info from SNMP services (snmpwalk-like)
5) gather useful info from SMB services (enumerate shares, check read/write permissions, dirtree, MAC address, network neighborhood, deltree ;-)
6) simple DoS test by opening a LOT of concurrent TCP connections
7) SMTP relay test
8) open-proxy test (http and socks)
9) DNS recursivity test
10) detect PHP on HTTP servers using expose_php magic
...
....
20000) Dominate the world by making Nessus obsolete ;-)

Martin Mačok
ICT Security Consultant

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
