Re: [NSE] New script dns-blacklist

[Duarte Silva <duarte.silva () serializing me>]

Good morning,
I like the solution in a way, in another way I think it's a bit
overkill, because you end up replicating the same code in all
providers. The other solution, passing the configuration in almost
every function, is more in the philosophy of use it if you need it
(same as the mode parameter being passed onto the resp_parser).
It's a shame Lua doesn't have a cleaner way to do inheritance. Later
today, I will do some investigation on how to do this in a better way.
Regards,Duarte
On Mon, Jan 2, 2012 at 8:52 PM, Patrik Karlsson <patrik () cqure net> wrote:
> > Hi Patrik,
> >
> > > There was no patch for the first two services attached to your post?
> > > I checked them out and they both seem interesting, the first one would
> > > probably fit under the PROXY section, while the second one should
> > > probably
> > > go into a category called ATTACK or similar?
> >
> > No sory, I dind't send the patch. I wanted to do it once I had added the
> > three
> > providers. Yes, the first one is in the PROXY category and the second one
> > I
> > created the ATTACK category. The output of "dns-blacklist.list" is the
> > following:
> >
> > Pre-scan script results:
> > | dns-blacklist:
> > |   ATTACK
> > |     all.bl.blocklist.de
> > |     dnsbl.httpbl.org
> > |       dnsbl.httpbl.org.apikey - the http:BL API key
> > |   PROXY
> > |     dnsbl.ahbl.org
> > |     socks.dnsbl.sorbs.net
> > |     misc.dnsbl.sorbs.net
> > |     http.dnsbl.sorbs.net
> > |     tor.dan.me.uk
> > |     dnsbl.tornevall.org
> > |   SPAM
> > |     dnsbl.ahbl.org
> > |     dnsbl.inps.de
> > |     bl.nszones.com
> > |     l2.apews.org
> > |     list.quorum.to
> > |     all.spamrats.com
> > |     bl.spamcop.net
> > |     spam.dnsbl.sorbs.net
> > |_    sbl.spamhaus.org
> >
> > You can see that it is listing the API key argument that must be specified
> > for
> > the "dnsbl.httpbl.org" provider.
> >
> > > In regards to the third one I think it both looks interesting and
> > > something
> > > to add. For the key part I don't think it's very difficult to do with
> > > the
> > > existing library. One way of doing it would be to get a script argument
> > > with the key in the fmt_query function of each services that needs one.
> > > Check out the first service in the list, it has a fmt_query function to
> > > show how it works. I guess it could look something like this:
> > >
> > > fmt_query   = function(ip)
> > >   local rev_ip = dns.reverse(ip):match("^(.*)%.in%-addr%.arpa$")
> > >   local key = stdnse.get_script_args("dnsbl.key.dnsbl.httpbl.org")
> > >   if ( not(key) ) then
> > >     return
> > >   end
> > >   return ("%s.%s.dnsbl.httpbl.org"):format(key,rev_ip)
> > > end
> > >
> > > I guess the checkBL function would need to be patched to handle an empty
> > > response from the fmt_query function.
> >
> > I have a somewhat similar solution. You can check the patch, it isn't
> > fully
> > implemented though.
> >
> >
> > > Cheers,
> > > Patrik
>
>
> Hi Duarte,
>
> I changed so that each service now has a "new" function through which it can
> be instantiated.
> This way it can get the configuration there and it does no longer have to be
> passed to each and every function.
> Maybe this is a bit too ambitious or just a bad idea, as most of the
> services don't have any benefit of this?
> I've attached a patch against SVN but haven't done any extensive testing of
> the change.
>
> Cheers,
> Patrik
> --
> Patrik Karlsson
> http://www.cqure.net
> http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/