Nmap Development mailing list archives
Re: version detection guideline
From: Djalal Harouni <tixxdz () opendz org>
Date: Sun, 10 Apr 2011 16:04:44 +0100
On 2011-04-09 20:52:09 -0400, Patrick Donnelly wrote:
> Hi Toni,
>
> On Sat, Apr 9, 2011 at 11:55 AM, Toni Ruottu <toni.ruottu () iki fi> wrote:
>> Should all scripts do version detection?
>
> If a script comes across this information, yes.
>
>> At some point I was told that any script that runs into version
>> information should record that information. There are some things here
>> too that are unclear to me. If I write a script that produces serious
>> output but also records version information, should I then include that
>> script to the version category? I have understood that you should not,
>> because the version scripts get enabled automatically when the user
>> executes a service scan, and the user is not expecting to see script
>> output. Some scripts that produce output seem to currently be in the
>> version category, but maybe this is an error.
>
> Right, a script running in the "version script scanning phase"
> shouldn't be producing script output. The problem is scripts can
> distinguish between the two. I think we (David, Fyodor, and I) talked
> about having a versionrule so scripts would know (via SCRIPT_TYPE) they
> are supposed to be collecting version information and not producing
> other output. A versionrule would basically be the same as a portrule.
> Alternatively, NSE may just discard the script output during the
> version script scan phase and scripts wouldn't need to worry about it
> at all.

Yes, I remember this and I've even written two different patches, and I've discussed this with Patrick on IRC, and David has also provided good feedback for it, but it was my fault: I didn't get enough time to do more testing and to re-adapt the patch in order to merge it.

The old versionrule thread:
http://seclists.org/nmap-dev/2010/q3/551

There is a branch for it but it's outdated. There are a lot of new changes to the current nse_main.lua file of the trunk.
svn://svn.insecure.org/nmap-exp/djalal/nse-versionrule/

Personally: I prefer the first simple design and patch.

--
tixxdz
http://opendz.org
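
The guideline discussed in this thread (a script in the version category records what it finds and prints nothing), sketched as an added example that is not code from the thread or from the Nmap project. It uses the NSE `nmap`, `shortport` and `comm` libraries; the port number, the service name "exampled" and the banner format are hypothetical.

```lua
local comm = require "comm"
local nmap = require "nmap"
local shortport = require "shortport"

description = [[
Records product and version for a hypothetical "exampled" banner service
without producing any script output.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- Only "version": the script is pulled in automatically by a service scan
-- (-sV), so the user is not expecting it to print anything.
categories = {"version"}

-- Hypothetical port and service name, chosen for illustration only.
portrule = shortport.port_or_service(7777, "exampled")

-- Parse a banner of the assumed form "EXAMPLED/1.2.3 (build 42)".
-- Returns a table of version fields, or nil if the banner does not match.
local function parse_banner(banner)
  if type(banner) ~= "string" then return nil end
  local product, version = banner:match("^(%u+)/([%d%.]+)")
  if not product then return nil end
  return {
    product = product,
    version = version,
    extrainfo = banner:match("%((.-)%)"), -- optional parenthesised detail
  }
end

action = function(host, port)
  local ok, banner = comm.get_banner(host, port, { timeout = 5000 })
  if not ok then return nil end

  local info = parse_banner(banner)
  if not info then return nil end -- unknown banner: record nothing, print nothing

  port.version = port.version or {}
  port.version.name = "exampled"
  port.version.product = info.product
  port.version.version = info.version
  port.version.extrainfo = info.extrainfo
  nmap.set_port_version(host, port)

  -- Return nil so the script adds no output of its own; the recorded
  -- fields are reported with the port's service/version information.
  return nil
end
```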