Nmap Development mailing list archives
Re: [NSE] How brute scripts and UN/PW scripts interact with creds
From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 25 Dec 2011 22:33:56 +0100
On Sat, Dec 24, 2011 at 4:04 AM, Brendan Byrd <sineswiper () gmail com> wrote:
> While looking into scanning a large batch of hosts with different SNMP community strings, I seem to be faced with a potential problem with just how NSE scripts treat UN/PWs in general. We have creds, a library for storing UN/PWs for various hosts, but it doesn't appear to be long-term, and there is not a lot of interaction with it and other scripts. Currently, creds doesn't have a "saveToFile" function, so I created one.
I'm guessing by long-term you mean that they are not stored once Nmap finishes? As for script interaction, the library was added not that long ago and all scripts that make use of the brute library implicitly use it. But there is some work left in migrating old brute scripts to the brute framework and adding the cred library to those that could use it. As for the saveToFile function, there was one added by Tom Sellers 2011/09/04, but it doesn't appear in the nsedoc due to a formatting issue.
> However, now we run into the issue of wasted cycles trying to load a growing creds file against thousands of script sessions. Every single instance of snmp-brute would be reading the whole file and then writing the whole file. If there is an nmap.registry.creds check, then we at least don't have to read the file more than once, but when do we write to it? At the end of each instance? Is there a function that could be added to the library to write the file on Nmap exit?
Scripts with a postrule run after Nmap has scanned all of its targets. For more information check: http://nmap.org/book/nse-usage.html
> There's also the matter of database size. Is the Lua code fast enough to look through, say, 10K hosts in a Lua table among thousands of script checks? If not, then some sort of mini-database format, or maybe a better type of lookup, would need to be created.
Just to get a better understanding, could you provide me with a use case here?
> And finally, adoption of creds within the scripts, both brute crackers for writing UN/PW, and version scanning / querying scripts for reading them. I don't see it used often enough.
Like I mentioned earlier, the brute library already uses the creds library; as for the other scripts, they still need to be updated.

Cheers,
Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/