Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Best practice for web vulnerability scripts?

From: George Chatzisofroniou <sophron () latthi com>
Date: Wed, 28 May 2014 17:55:53 +0300
On Tue, May 27, 2014 at 01:19:05PM -0700, Ron Bowes wrote:

I gave Claudiu a simple vulnerability check to write - basically, an auth
bypass in some CMS software. It has an associated CVE number and stuff.

It could very easily be written as a http-enum.nse fingerprint, but I've
noticed that some vulnerability scripts are being written separately so
they can use the vulnerability library and report them by CVE number.

What's the current best practice we're using?


I don't think it really worths having standalone scripts that perform simple
checks.

I believe http-enum has to be extended and support the vulnerability library.
That also means that all the fingerprints in the "attacks" category should be
updated and contain a new field with the description table needed for the vulns
library report.

Then all the vulnerability detection scripts that perform simple checks can move
there. OTOH, if a script makes use of a more advanced technique or depends on a
library (for example, like ssl-heartbleed), it should be written separately.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: