Re: [NSE] MSRPC Libraries (stable, I hope!)

[Fyodor <fyodor () insecure org>]

On Wed, Oct 29, 2008 at 08:55:09AM -0500, Ron wrote:
> I was sort of thinking of pulling more information (this is all just 
> straight from the registry) like a device list, installed programs, 
> windows patches, etc. -- I don't know how far I want to go right now, 
> though. 

Hi Ron.  Installed patches certainly strikes me as something extremely
valuable.  If it is too much to print by default, it could be stored
in the registry and then perhaps a different script could take that
data and use it to present a list of missing security patches.

> This is almost more on the administration side of things than on 
> the pen-testing side, and I'm not sure where I prefer to keep my focus.

Well, the patch list is clearly useful for security.  Also, a key goal
of NSE was to be useful for more general network administration (or at
least discovery/inventory) work.  We may call this project the Nmap
Security Scanner, but it is clearly used by a much broad base than
that.  This is why the first two sentences on nmap.org say:

  "Nmap ("Network Mapper") is a free and open source (license) utility
   for network exploration or security auditing. Many systems and
   network administrators also find it useful for tasks such as
   network inventory, managing service upgrade schedules, and
   monitoring host or service uptime."

Of course for individual scripts, more focus can be beneficial.
Multiple targetted scriptsi is probably better than one giant one
which tries to make everyone happy.  One of the great things about the
MSRPC libraries is that they are useful for a wide variety of tasks.
I'm really excited by them!

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org