Re: [Yokoso-devel] Nmap scripts

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Aug 17, 2009, at 12:32 PM, Ron wrote:
> Me and one of my co-op students were looking at some of our web apps  
> to
> get fingerprints. Specifically, we were looking at "Secunia". The  
> issue
> with Secunia is that all the files are very generic ("left- 
> border.gif",
> "default.css", etc). While each file is generic, the combination of  
> them
> is likely unique.
>
> But that made me realize, are your signatures intended to be ANDed or
> ORed? Right now, I implemented it with an OR -- if any one signature
> matches, it's a match. Implementing it as an AND, where all files must
> be present, would be somewhat more difficult.
>
> Which way do you suggest?

The plan so far was to OR them, but I can see the need for an AND.

We need to think about the architecture of the fingerprints... for  
example some of them are on a default port outside of 80.  Maybe we  
could put multiple fingerprints on a line for ANDs?

ideas?

Kevin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkqJkqkACgkQGDcWptZ2zmRoogCdG28lSqXofEoWb08OQxlfU3nP
Me0AniMZjrQLHk7Hj6MF3WMIVtr8ypkH
=lRYm
-----END PGP SIGNATURE-----