Nmap Development mailing list archives
Re: ftp-brute.nse overhaul
From: Ron <ron () skullsecurity net>
Date: Sat, 19 Sep 2009 01:34:27 -0500
On 09/19/2009 12:54 AM, Fyodor wrote:
Realistically, the code in ftp-anon.nse, though it needs a little bit of fixing (it isn't buffering lines properly), is so short that factoring out the code doesn't really matter.Well, ftp-anon is one of our default scripts. Checking whether a discovered FTP server allows anonymous access is (arguably) OK by default, but a brute force password guessing attack is not. So it may be best to leave them separate, but factor out any common code into a library. Cheers, -F
That being said, if there are more ideas for FTP, I can create a ftp.lua nselib and put the important code in there. But, I don't really think that's necessary. We'll see, though.. it couldn't hurt.
That's a good point about ftp-anon.nse being default; I'll leave it as is. Ron -- Ron Bowes http://www.skullsecurity.org/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- ftp-brute.nse overhaul Ron (Sep 18)
- Re: ftp-brute.nse overhaul Fyodor (Sep 18)
- Re: ftp-brute.nse overhaul Patrick Donnelly (Sep 18)
- Re: ftp-brute.nse overhaul Ron (Sep 18)
- Re: ftp-brute.nse overhaul Fyodor (Sep 18)
- Re: ftp-brute.nse overhaul Ron (Sep 18)
- Re: ftp-brute.nse overhaul Patrick Donnelly (Sep 18)
- Re: ftp-brute.nse overhaul Fyodor (Sep 18)
- Re: ftp-brute.nse overhaul Ron (Sep 18)