Nmap Development mailing list archives
Re: LUA Script Ideas
From: "Eddie Bell" <ejlbell () gmail com>
Date: Mon, 31 Jul 2006 12:52:20 +0200
This feature is very cool. I've attached a little script that no vulnerability scanner scan should be without, anonymous ftp check :) I can't wait to try and code a proper vulnerability test. I haven't check the code yet but it would be very useful if NSE had access to os detection and service scan results because vulnerability checks would be very accurate. Especially memory corruption based tests. And how are the scripts going to be distributed? All with the nmap archive? An online repository? A nessus style seperate archive? etc.. -ejlb On 31/07/06, Fyodor <fyodor () insecure org> wrote:
If you have tried Diman's new Nmap Scripting Engine (LUA) enhancement, you've seen that it ships with a dozen simple scripts: lua_scripts/harmless: -rw------- 1 fyodor fyodor 473 Jul 22 05:54 chargenTest.lua -rw------- 1 fyodor fyodor 476 Jul 22 05:54 daytimeTest.lua -rw------- 1 fyodor fyodor 515 Jul 22 05:54 echoTest.lua -rw------- 1 fyodor fyodor 625 Jul 22 05:54 ripeQuery.lua -rw------- 1 fyodor fyodor 1064 Jul 30 22:03 showHTMLTitle.lua -rw------- 1 fyodor fyodor 918 Jul 30 04:42 showOwner.lua -rw------- 1 fyodor fyodor 554 Jul 30 05:16 showSMTPVersion.lua -rw------- 1 fyodor fyodor 579 Jul 22 05:54 showSSHVersion.lua lua_scripts/intrusive: -rw------- 1 fyodor fyodor 1228 Jul 22 05:54 xamppDefaultPass.lua lua_scripts/malware: total 16 -rw------- 1 fyodor fyodor 604 Jul 22 05:54 ircZombieTest.lua -rw------- 1 fyodor fyodor 913 Jul 22 05:54 kibuvDetection.lua -rw------- 1 fyodor fyodor 534 Jul 22 05:54 mswindowsShell.lua -rw------- 1 fyodor fyodor 468 Jul 22 05:54 strangeSMTPport.lua Some of these are just for demonstration purposes while others may be worth keeping in the default Nmap distribution. Does anyone have any other ideas of useful scripts you would like to see in Nmap by default? I'm thinking of network discovery scripts in particular, though vulnerability testing scripts are welcome too. Scripts can be specific to a service, or to the target host in general. If you have ideas, please post them. And extra credit if you try your hand at writing and testing the script and then mail it to us for incorporation. You can learn more about using the system by reading the included docs/nmap-lua.1 and looking at the test scripts. You can also read the first edition of the definitive LUA book at http://www.lua.org/pil/ . The 2nd edition (which I've been reading this evening) can be had in print for $25 at Amazon. Its an interesting language! Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- LUA Script Ideas Fyodor (Jul 31)
- Re: LUA Script Ideas Martin Mačok (Jul 31)
- Re: LUA Script Ideas Eddie Bell (Jul 31)
- Re: LUA Script Ideas Eddie Bell (Jul 31)
- Re: LUA Script Ideas Fyodor (Jul 31)
- Re: LUA Script Ideas Eddie Bell (Aug 01)
- Re: LUA Script Ideas Fyodor (Aug 02)
- Re: LUA Script Ideas Fyodor (Jul 31)
- Re: LUA Script Ideas Richard Moore (Jul 31)
- Re: LUA Script Ideas Jon Passki (Jul 31)