Nmap Development mailing list archives
Re: [NSE] New script dns-blacklist
From: Duarte Silva <duarte.silva () serializing me>
Date: Tue, 3 Jan 2012 11:17:52 +0000
Good morning, I like the solution in a way, in another way I think it's a bit overkill, because you end up replicating the same code in all providers. The other solution, passing the configuration in almost every function, is more in the philosophy of use it if you need it (same as the mode parameter being passed onto the resp_parser). It's a shame Lua doesn't have a cleaner way to do inheritance. Later today, I will do some investigation on how to do this in a better way. Regards,Duarte On Mon, Jan 2, 2012 at 8:52 PM, Patrik Karlsson <patrik () cqure net> wrote:
Hi Patrik,There was no patch for the first two services attached to your post? I checked them out and they both seem interesting, the first one would probably fit under the PROXY section, while the second one should probably go into a category called ATTACK or similar?No sory, I dind't send the patch. I wanted to do it once I had added the three providers. Yes, the first one is in the PROXY category and the second one I created the ATTACK category. The output of "dns-blacklist.list" is the following: Pre-scan script results: | dns-blacklist: | ATTACK | all.bl.blocklist.de | dnsbl.httpbl.org | dnsbl.httpbl.org.apikey - the http:BL API key | PROXY | dnsbl.ahbl.org | socks.dnsbl.sorbs.net | misc.dnsbl.sorbs.net | http.dnsbl.sorbs.net | tor.dan.me.uk | dnsbl.tornevall.org | SPAM | dnsbl.ahbl.org | dnsbl.inps.de | bl.nszones.com | l2.apews.org | list.quorum.to | all.spamrats.com | bl.spamcop.net | spam.dnsbl.sorbs.net |_ sbl.spamhaus.org You can see that it is listing the API key argument that must be specified for the "dnsbl.httpbl.org" provider.In regards to the third one I think it both looks interesting and something to add. For the key part I don't think it's very difficult to do with the existing library. One way of doing it would be to get a script argument with the key in the fmt_query function of each services that needs one. Check out the first service in the list, it has a fmt_query function to show how it works. I guess it could look something like this: fmt_query = function(ip) local rev_ip = dns.reverse(ip):match("^(.*)%.in%-addr%.arpa$") local key = stdnse.get_script_args("dnsbl.key.dnsbl.httpbl.org") if ( not(key) ) then return end return ("%s.%s.dnsbl.httpbl.org"):format(key,rev_ip) end I guess the checkBL function would need to be patched to handle an empty response from the fmt_query function.I have a somewhat similar solution. You can check the patch, it isn't fully implemented though.Cheers, PatrikHi Duarte, I changed so that each service now has a "new" function through which it can be instantiated. This way it can get the configuration there and it does no longer have to be passed to each and every function. Maybe this is a bit too ambitious or just a bad idea, as most of the services don't have any benefit of this? I've attached a patch against SVN but haven't done any extensive testing of the change. Cheers, Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 03)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 06)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 06)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Arne Martin Wandsvig (Jan 07)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 08)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 08)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 08)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 15)