R3ADME
e4e96ac2029bb90e616379e8807f0bd62dd57a0f4ba5993ce629e620a22703a0
vulnmap: vulnerability scanning modifications to nmap by ajax@mobis.com
------------------------------------------------------------------------------
The format of exploit.dat is as follows:

OSTYPE,PORT,PROT,WAIT_DATA1,SEND_DATA1,WAIT_DATA2,SEND_DATA2,EXEC_PROG,COMMENT

Definitions:

OSTYPE=string to match against the fingerprint returned from the host,
       e.g. "SunOS" would match all fingerprints with "SunOS" in them.
PORT=[0-65536]
PROT=TCP,UDP,RPC (tcp only implemented)
WAIT_DATA1=data expected from the host, compared to decide if it is vulnerable.
       This does not currently use regular expression matching.
       This can not be an empty string.
SEND_DATA1=data to send (if null use "NULL")
WAIT_DATA2=data to expect (if null use "NULL")
       If SEND_DATA1 is NULL, WAIT_DATA2 is skipped.
EXEC_PROG=pathname/filename to exec with variable substitution, or "NULL"
       options: %IP = ip address in dot notation
COMMENT=comments to log if vulnerable
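
The field rules above, written as a record checker. This is an added example,
not code from vulnmap. The function names, the sample record and its program
path are made up for illustration; it assumes the format has no quoting (so
only the trailing COMMENT may contain commas) and it splits EXEC_PROG into an
argument list instead of handing it to a shell, which is a choice made here.

```python
import ipaddress
import shlex

FIELDS = ("ostype", "port", "prot", "wait_data1", "send_data1",
          "wait_data2", "send_data2", "exec_prog", "comment")

# Constructed sample record; the program path is hypothetical.
SAMPLE = ("SunOS,25,TCP,220 ,NULL,ESMTP,NULL,"
          "/usr/local/bin/log-hit %IP,SMTP banner seen, check patch level")

def parse_entry(line):
    """Split one exploit.dat record and apply the rules the README states."""
    # Assumption: the format has no quoting, so only COMMENT may hold commas.
    parts = line.rstrip("\r\n").split(",", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    e = dict(zip(FIELDS, parts))
    # TCP port numbers are 16-bit, so 65535 is the highest value accepted here.
    if not e["port"].isdigit() or int(e["port"]) > 65535:
        raise ValueError("bad PORT: %r" % e["port"])
    e["port"] = int(e["port"])
    if e["prot"] not in ("TCP", "UDP", "RPC"):
        raise ValueError("bad PROT: %r" % e["prot"])
    e["implemented"] = e["prot"] == "TCP"      # README: tcp only implemented
    if e["wait_data1"] == "":
        raise ValueError("WAIT_DATA1 can not be an empty string")
    for key in ("send_data1", "wait_data2", "send_data2", "exec_prog"):
        if e[key] == "NULL":
            e[key] = None
    if e["send_data1"] is None:                # README: WAIT_DATA2 is skipped
        e["wait_data2"] = None
    return e

def os_matches(entry, fingerprint):
    """OSTYPE is a plain substring match against the host fingerprint."""
    return entry["ostype"] in fingerprint

def build_argv(entry, ip):
    """Expand %IP in EXEC_PROG into an argv list (no shell involved)."""
    if entry["exec_prog"] is None:
        return None
    ip = str(ipaddress.IPv4Address(ip))        # ValueError unless dotted quad
    return [arg.replace("%IP", ip) for arg in shlex.split(entry["exec_prog"])]
```
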

TODO:
. RPC service scanning and probing
. expand the config file language/variables.
. allow regular expression matching in the waitdata and ostype fields of
  the config file
. socket session probing