Nmap Development mailing list archives
Re: [NSE] script to check for weak SSH hostkeys
From: Sven Klemm <sven () c3d2 de>
Date: Sun, 19 Oct 2008 15:21:55 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fyodor wrote:
On Sat, Oct 18, 2008 at 03:48:27PM +0200, Sven Klemm wrote:Any opinions about including this and whether it should be in the default category?I think it is a great script and could be quite valuable to many users! But it doesn't seem very suitable for inclusion within Nmap because it requires a huge data file (bigger than all the rest of Nmap combined when compressed, IIRC) and most people won't have that installed. If people need to get this data file anyway, they might as well get the script at the same time. So I suggest distributing the data files and NSE script separately from Nmap. You could put it in a web page, or an nmap-exp directory.
Currently it's in nmap-exp/sven/nse_openssl but a general repository for NSE scripts not part of nmap seems like a good idea.
If this sort of thing proves to be required by a whole lot of scripts, maybe at some point we'll host a web CGI or read-only DB for this sort of thing (queryme.nmap.org ;). Obviously that would bring up the same issues as our other "external" scripts.
I am currently working on a similar script for SSL certificates. I am not sure about the web CGI idea though. On the one hand this is certainly useful for users who only occasionally check the hostkey and have no problem to submit these information but on the other hand it might raise security concerns to submit these sensitive information to a website. Cheers, Sven - -- Sven Klemm http://cthulhu.c3d2.de/~sven/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkj7NDYACgkQevlgTHEIT4ZF5QCghZnGQxxhh1MNadFfeYl0MjMb AxYAn1/IhKBvX0yb1KLOhUA4fwDsva2Y =w/I3 -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] script to check for weak SSH hostkeys Sven Klemm (Oct 18)
- Re: [NSE] script to check for weak SSH hostkeys David Fifield (Oct 18)
- Re: [NSE] script to check for weak SSH hostkeys Sven Klemm (Oct 18)
- Re: [NSE] script to check for weak SSH hostkeys Fyodor (Oct 19)
- Re: [NSE] script to check for weak SSH hostkeys Arturo 'Buanzo' Busleiman (Oct 19)
- Re: [NSE] script to check for weak SSH hostkeys Sven Klemm (Oct 19)
- Re: [NSE] script to check for weak SSH hostkeys Arturo 'Buanzo' Busleiman (Oct 19)
- Re: [NSE] script to check for weak SSH hostkeys David Fifield (Oct 18)