Nmap Development mailing list archives

Re: version detection guideline


From: Djalal Harouni <tixxdz () opendz org>
Date: Sun, 10 Apr 2011 16:04:44 +0100

On 2011-04-09 20:52:09 -0400, Patrick Donnelly wrote:
> Hi Toni,
>
> On Sat, Apr 9, 2011 at 11:55 AM, Toni Ruottu <toni.ruottu () iki fi> wrote:
>> Should all scripts do version detection?
>
> If a script comes across this information, yes.
>
>> At some point I was told that any script that runs into version
>> information should record that information. There are some things here
>> too that are unclear to me. If I write a script that produces serious
>> output but also records version information, should I then include
>> that script in the version category? I have understood that you should
>> not, because the version scripts get enabled automatically when the
>> user executes a service scan, and the user is not expecting to see
>> script output. Some scripts that produce output seem to currently be
>> in the version category, but maybe this is an error.
>
> Right, a script running in the "version script scanning phase"
> shouldn't be producing script output. The problem is scripts can
> distinguish between the two. I think we (David, Fyodor, and I) talked
> about having a versionrule so scripts would know (via SCRIPT_TYPE)
> they are supposed to be collecting version information and not
> producing other output. A versionrule would basically be the same as a
> portrule. Alternatively, NSE may just discard the script output during
> the version script scan phase and scripts wouldn't need to worry about
> it at all.

Yes, I remember this and I've even written two different patches, and
I've discussed this with Patrick on IRC, and David has also provided good
feedback for it, but it was my fault: I didn't get enough time to do more
testing and to re-adapt the patch in order to merge it.
The old versionrule thread: http://seclists.org/nmap-dev/2010/q3/551

There is a branch for it but it's outdated. There are a lot of new changes
to the current nse_main.lua file of the trunk.
svn://svn.insecure.org/nmap-exp/djalal/nse-versionrule/

Personally: I prefer the first simple design and patch.

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
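The guideline discussed in the thread, as an added example that is not code from the thread, from Nmap or from the versionrule branch: a minimal NSE script in the "version" category that records the version information it comes across in port.version and returns no script output, which is what a version-phase script is expected to do today without a dedicated versionrule. The port number (9999), the service name and the "ExampleD 1.2.3" banner format are assumptions constructed for illustration.

```lua
-- Added example, not part of Nmap or of the nmap-dev thread.
-- A "version" category script that records version information and
-- deliberately produces no script output, because it is run during the
-- version scan phase where the user is not expecting script output.

local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Example version-category script: reads one banner line from an assumed
TCP service on port 9999 and records what it finds in port.version.
]]

author = "example (added illustration)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"version"}

-- Assumed: only run when port 9999/tcp is open and its service is still
-- unidentified (version_port_or_service handles the "unknown" check).
portrule = shortport.version_port_or_service(9999, nil, "tcp")

action = function(host, port)
  local socket = nmap.new_socket()
  socket:set_timeout(5000)

  local status, err = socket:connect(host, port)
  if not status then
    stdnse.debug1("connect to %s:%d failed: %s", host.ip, port.number, err)
    return nil
  end

  local ok, banner = socket:receive_lines(1)
  socket:close()
  if not ok then
    return nil
  end

  -- Assumed banner format "ExampleD 1.2.3" (constructed for this example).
  local product, version = banner:match("^(ExampleD)%s+([%d%.]+)")
  if not product then
    -- Nothing we recognise: record nothing and print nothing.
    return nil
  end

  -- Record the version information instead of reporting it as output.
  port.version.name = "exampled"      -- assumed service name
  port.version.product = product
  port.version.version = version
  nmap.set_port_version(host, port, "hardmatched")

  -- A version-category script must not produce script output; the
  -- recorded fields show up in the normal service/version columns.
  return nil
end
```

The point of the thread is that a script in the "version" category currently has no runtime way to tell it is in the version scan phase, so the only safe pattern is the one above: put everything into port.version and always return nil. A script that also wants to print output when run explicitly by name would need either the proposed versionrule/SCRIPT_TYPE signal or NSE discarding output in that phase.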