Nmap Development mailing list archives
Re: [NSE] Presentation and Vulscan Framework
From: David Fifield <david () bamsoftware com>
Date: Mon, 22 Nov 2010 16:20:19 -0800
On Fri, Nov 19, 2010 at 10:17:45AM +0100, Marc Ruef wrote:
> Hello,
>
> A few weeks ago I was a speaker at Hashdays, a security conference in Switzerland[1]. My talk had the title "Nmap NSE Hacking for IT Security Professionals". After a short introduction to Nmap/NSE I have shown the enhancements we have made to improve our security scanning and penetration testing. We wrote additional NSE scripts for data gathering and parse the results in a database (more an expert system) for further moderation[2].
>
> The slides (English) and a _very small_ glimpse of our framework have been published on our company's labs site:
>
> http://www.scip.ch/?labs.20101119
>
> We are providing a set of top 10 scripts for web server analysis. The xml output can be parsed with a Ruby script to generate a csv file. This file can be imported into a spreadsheet or database. See the blog post and slides for further details.
>
> Perhaps one or another is interested in this line of work. We would appreciate feedback of course.

This is interesting:

80/tcp open http Apache httpd
| web_server_identification: sID{1},
| sAccuracy{80},
| sTesttype{Exploiting},
| sTestsource{Application Mapping},
| sVersion{1.0-hd10},
| sOutput{Header:
|
| Date: Thu, 18 Nov 2010 10:24:03 GMT
| Server: Apache
| Vary: Accept-Encoding
| Content-Length: 6749
| Connection: close
| Content-Type: text/html
|
| },
| sDescription{The target service is a web server which is using the application protocol http to communicate. An attacker might approach this service to enumerate or compromise the target host.},
|_sTimestamp{1290075843};
| web_server_banner_grabbing: sID{2},
| sAccuracy{80},
| sTesttype{Scanning},
| sTestsource{HTTP-Banner (Server Line)},
| sVersion{1.0-hd10},
| sOutput{Apache},
| sDescription{The web server is announcing himself with a welcome banner in the Server line of the http header. An attacker might use this information to initiiate target-oriented attacks.},
|_sTimestamp{1290075843};

Field         Description
sId           Unique identification number of the NSE script
sAccuracy     Accuracy of the analysis in percent
sTesttype     Type of test (Derivative, Portscan, Scanning, ...)
sTestsource   Source of the data (in this case always Nmap)
sVersion      Version number of the NSE script
sOutput       Output of the test access (e.g. the banner found)
sDescription  Short description of the problem
sTimestamp    Unix timestamp of the successful identification

I know we keep talking about making NSE output more structured. I know you set up these scripts for database import, but these might be the kind of structured fields we add. (They could possibly be hidden by default or only shown in the XML.)

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
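
The sField{value} records quoted in the message can be read back into rows with a small brace-aware parser. This is an added example, not code from the scip framework or from Nmap: the function names and the shortened sample are constructed, and it assumes field values contain only balanced braces.

```ruby
require "strscan"

# Constructed sample, shortened from the output quoted in the message.
SAMPLE = <<~'NMAP'
  | web_server_identification: sID{1},
  | sAccuracy{80},
  | sOutput{Header:
  |
  | Server: Apache
  | Content-Type: text/html
  |
  | },
  |_sTimestamp{1290075843};
  | web_server_banner_grabbing: sID{2},
  | sOutput{Apache},
  |_sTimestamp{1290075843};
NMAP
COLUMNS = %w[script sID sAccuracy sTesttype sTestsource sVersion sOutput sDescription sTimestamp].freeze

# Read up to the brace that closes the current field; nested pairs are kept.
def read_braced(ss)
  depth = 1
  value = +""
  until ss.eos?
    value << (ss.scan(/[^{}]+/) || "")
    brace = ss.getch or break
    depth += (brace == "{" ? 1 : -1)
    return value.strip if depth.zero?
    value << brace
  end
  raise ArgumentError, "unterminated field value"
end

# Return one hash per script result: {"script" => id, "sID" => "1", ...}.
def parse_findings(text)
  ss = StringScanner.new(text.gsub(/^\|[ _]?/, "")) # drop Nmap's "| " gutter
  findings = []
  while ss.skip_until(/(\w+):\s*(?=s\w+\{)/) # script id before the first field
    finding = { "script" => ss[1] }
    while ss.scan(/\s*(s\w+)\{/)
      key = ss[1]
      finding[key] = read_braced(ss)
      break unless ss.scan(/\s*,/) # ";" closes the record
    end
    findings << finding
  end
  findings
end

# Quote every cell so commas, quotes and newlines in banners stay in one cell.
def to_csv(findings)
  rows = [COLUMNS] + findings.map { |f| COLUMNS.map { |c| f[c].to_s } }
  rows.map { |r| r.map { |c| %("#{c.gsub('"', '""')}") }.join(",") }.join("\n") + "\n"
end
```

Because sOutput carries text that the scanned server controls, a banner containing an unbalanced } would end the field early in this text format, which is a practical argument for the structured output fields discussed in the message.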