Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: GSoC 2012 Project - Vulnerability and exploitation specialist

From: David Fifield <david () bamsoftware com>
Date: Wed, 28 Mar 2012 22:38:00 -0700
On Wed, Mar 28, 2012 at 04:03:55PM +0200, Aleksandar Nikolic wrote:

Hi,


I've added two vulnerability entries as Mr. Harouni suggested. Apart
from that, some people reported that the script didn't work on some
Windows 7 machines as expected, so I've updated the script to fix
that. Although I have tested it against vulnerable Windows XP and
Windows 7 machines, there could still be some issues, so if you test
this, and it doesn't work as expected, please contact me.


Thanks for being so quick with these updates. I have just committed your
script. I was not able to test it against a vulnerable installation, but
I saw it doing the test and correctly reporting "not vulnerable."

If the script finds a service that is not RDP, it marks it NOT_VULN. Is
that the convention in other scripts? It seems like it should simply
leave it unset in this case, because we really don't have positive
confirmation that the vulnerability is not present. We have roughly the
same level of knowledge as if the script had not been run.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: