Nmap Development mailing list archives

Re: http-google-malware.nse - Script to check if host is known for distributing malware or being used in phishing attacks


From: Paulino Calderon <paulino () calderonpale com>
Date: Sat, 09 Jul 2011 15:01:01 -0700

On 07/08/2011 10:50 PM, Patrik Karlsson wrote:
On Jul 9, 2011, at 8:39 AM, Paulino Calderon wrote:

On 07/08/2011 04:25 PM, Henri Doreau wrote:
2011/7/8 Paulino Calderon <paulino () calderonpale com>:

I've added an argument to pass the api key from command line and committed
this script as 'http-google-malware' r24749.


Hi Paulino,

I've just quickly read the script and it sounds good. I have a comment
concerning arguments handling though. Wouldn't it be better to use
stdnse.get_script_args() instead of reading them from the registry?

In the secwiki entry[1] I also mentioned the "Symantec Norton safe
web" service. Just for information: do you have plans to add support
for this as well? Or is there an issue about it (like usage rules or
whatever...)?

Regards.

[1] https://secwiki.org/w/Nmap_Script_Ideas#http-malware-host



Well, to be honest I don't know the difference between them. Fyodor didn't mention anything about it when we had code reviews for this script or others, so I assumed they were both correct.

When I was researching our options for this script, I tested malware sites from http://www.malwareblacklist.com/showMDL.php and Google's service detected a LOT more entries than Norton. Since Symantec Norton also does not offer an API and we would have to parse HTML that could need updates in the future, I decided to go with Google's API. Adding support for this service does have the advantage of not needing an API key, but their database doesn't seem that good.

Cheers.

--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Hi Paulino,

get_script_args offers at least two improvements over fetching arguments directly from the registry:
1. You don't need to set a value for "boolean" arguments, e.g. you can do --script-args script.showall instead of
--script-args script.showall=1
2. You can fetch multiple arguments using a single call, e.g.:
local mode, domains = get_script_args('dns-cache-snoop.mode', 'dns-cache-snoop.domains')

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

Thanks for the advice, I've changed this in r24777.

Cheers.

--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon

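To illustrate the two points Patrik makes about get_script_args (a "boolean" argument needs no value, and several arguments can be fetched in one call), here is an added example that is not code from the thread or from the Nmap project. It is a stand-alone Lua re-implementation of the lookup pattern, run against a constructed argument table standing in for nmap.registry.args, so it runs under plain lua without Nmap. The argument names http-google-malware.apikey, .showall and .verbose are assumed for illustration, not the script's real ones; the alias-table form and the exact value Nmap stores for a bare argument are also assumptions. Inside a real NSE script you would require "stdnse" and call stdnse.get_script_args(...) directly.

```lua
-- Added example: stand-alone model of the stdnse.get_script_args() lookup
-- pattern discussed in the thread (not the project's own code).

local unpack = table.unpack or unpack  -- Lua 5.1 / 5.2+ compatibility

-- Constructed stand-in for nmap.registry.args, as Nmap would populate it from:
--   --script-args http-google-malware.apikey=EXAMPLE,http-google-malware.showall
-- A bare name is stored as a truthy value; no "=1" is needed (assumed value: 1).
local registry_args = {
  ["http-google-malware.apikey"] = "EXAMPLE-KEY-PLACEHOLDER",
  ["http-google-malware.showall"] = 1,
}

-- Look up several arguments in one call. Each name may be a string or a
-- table of alternative names (assumed alias form); missing arguments come
-- back as nil in the same position they were requested.
local function get_script_args(args, ...)
  local found = {}
  local n = select("#", ...)
  for i = 1, n do
    local names = select(i, ...)
    if type(names) == "string" then names = { names } end
    for _, name in ipairs(names) do
      if args[name] ~= nil then
        found[i] = args[name]
        break
      end
    end
  end
  return unpack(found, 1, n)
end

-- Fetch the key and two flags in a single call, as in the dns-cache-snoop
-- example above; "verbose" was not given on the command line, so it is nil.
local apikey, showall, verbose = get_script_args(registry_args,
  "http-google-malware.apikey",
  "http-google-malware.showall",
  "http-google-malware.verbose")

-- Treat presence of a "boolean" argument as true, honour an explicit
-- "false"/"0" from the command line, and treat an absent argument as false.
local function is_set(v)
  if v == nil or v == false then return false end
  local s = tostring(v):lower()
  return not (s == "0" or s == "false" or s == "nil")
end

if not apikey then
  -- An NSE script would return a message here rather than print.
  print("no API key given; the lookup would be skipped")
end
print("showall:", is_set(showall))   -- true: given without a value
print("verbose:", is_set(verbose))   -- false: not given at all
```

The is_set helper is the part worth keeping in mind: because a bare argument arrives as whatever Nmap stores for it rather than a Lua boolean, a script should test for presence (non-nil) and for an explicit negative string, not compare against true.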
