Re: [RFC] Factor out ftp bounce scan

[Daniel Miller <bonsaiviking () gmail com>]

I found a few servers on the Internet via scans.io (a great resource!)
to test, and this patch at least preserves the existing behavior. The
code could use a lot of work, and I think that moving it to a NSE
script would be a good move, even without direct "port scanning"
integration.

After my testing, I merged this in r32558. The code could use a lot of
work; it doesn't work with a few servers I found that ftp-bounce.nse
says are vulnerable (could be a bug in both programs), nor with some
that give obviously different responses for closed vs open ports.

Dan

On Fri, Dec 6, 2013 at 3:55 AM, Henri Doreau <henri.doreau () gmail com> wrote:
> 2013/12/6 Daniel Miller <bonsaiviking () gmail com>:
> > List,
> >
> > The attached patch factors out FTP Bounce scan from the various files
> > it resided in (nmap.h, nmap.cc, scan_engine.cc, global_structures.h)
> > into nmap_ftp.h and nmap_ftp.cc.
> >
> > The purpose is to make it easier to convert this functionality to some
> > more-appropriate implementation such as NSE (if NSE-based port
> > scanning is ever committed). At the very least, it de-clutters some
> > core files. Your thoughts and testing are much appreciated.
> >
> > Dan
> Hi,
>
> I'd first need to find a suitable server to test the patch against
> (are there still some??) but the idea sounds excellent to me, and so
> does the patch at first sight.
>
> I have no time to work on NSE-based port scanning at the moment but
> the patch still lies in nmap-exp/henri, and I can provide some help if
> someone is interested in reviving it. I still believe that this would
> have a great potential.
>
> Regards
>
> --
> Henri
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/