Test and fix http-slowloris for running against multiple services at once. #63

Open
dmiller-nmap opened this issue Feb 25, 2015 · 5 comments

Comments

@dmiller-nmap

The http-slowloris script has lots of script-level variables that will probably conflict with each other when scanning multiple services. Example: the Bestopt variable keeps track of whether to use SSL or not. Running against a plaintext and an HTTPS service at the same time would probably result in conflicts. Need to test and fix, or just rewrite the script to be cleaner.

@h4ck3rk3y

Hi,
I tried replacing all the script-level variables with function parameters. This failed as stdnse.new_thread doesn't return the function's outputs. Then I decided to make all script-level variables tables, indexed by a getKey function which generates a unique key based on host.ip, port.number and port.service. Please comment on this approach. I have attached the script using this approach [1].

[1] https://github.com/h4ck3rk3y/nmap/blob/master/test_scripts/http-slowloris.nse

Gyani

@dmiller-nmap
Author

@h4ck3rk3y I would instead make those variables into indices in a table local to the action function. Then pass that table as an argument to the thread function via stdnse.new_thread.

I do notice now, though, that the original author included a workaround for this problem by using a mutex to ensure only one instance of the script runs at any given time. We should probably look into how to best handle scanning multiple services, since doing so with the runforever script-arg would mean that only the first service would ever be attacked.

@h4ck3rk3y

> @h4ck3rk3y I would instead make those variables into indices in a table local to the action function. Then pass that table as an argument to the thread function via stdnse.new_thread.

Some of the functions that are run through stdnse.new_thread change the values of the script-level variables. If these variables are indexed into a table and passed to the functions, I am not sure how the updated values will be retrieved.

> I do notice now, though, that the original author included a workaround for this problem by using a mutex to ensure only one instance of the script runs at any given time. We should probably look into how to best handle scanning multiple services, since doing so with the runforever script-arg would mean that only the first service would ever be attacked.

Some sort of port specification? The user can specify which port to run the script forever on. Other open ports will be skipped.

@dmiller-nmap
Author

Tables are passed by reference; all threads would have the same table. This means that any of the threads which updates a value would have to use a mutex or something to avoid concurrency issues, but for reads there would be no problems.

@h4ck3rk3y

Ah, that should work then. My implementation really reduced the readability of code and made it look messy.
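
The state-handling point discussed in this thread, as an added illustration that is not part of the issue or of http-slowloris.nse: plain Lua coroutines stand in for threads started with stdnse.new_thread, and every name here (UseSSL, worker, action_shared, action_local) and the two sample services are constructed for the example.

```lua
-- Added illustration in plain Lua; coroutines stand in for NSE worker threads.
-- All names are hypothetical and not taken from http-slowloris.nse.

-- Before: one script-level variable shared by every service being scanned.
local UseSSL

local function action_shared(service)
  UseSSL = service.ssl              -- overwritten by whichever service starts last
  local co = coroutine.create(function()
    coroutine.yield()               -- other services get scheduled here
    return service.name, UseSSL     -- reads whatever the last writer left behind
  end)
  coroutine.resume(co)              -- run the worker up to its first yield
  return co
end

-- After: state lives in a table local to the action and is handed to the worker.
local function worker(state)
  coroutine.yield()
  state.sent = state.sent + 1       -- write lands in the caller's table (same reference)
  return state.name, state.use_ssl
end

local function action_local(service)
  local state = { name = service.name, use_ssl = service.ssl, sent = 0 }
  local co = coroutine.create(worker)
  coroutine.resume(co, state)       -- tables are passed by reference
  return co, state
end

local services = {                  -- constructed sample input
  { name = "http/80",   ssl = false },
  { name = "https/443", ssl = true  },
}

local function run(label, action)
  local started = {}
  for i, svc in ipairs(services) do started[i] = { action(svc) } end
  for _, t in ipairs(started) do
    local _, name, ssl = coroutine.resume(t[1])
    local sent = t[2] and (" sent=" .. t[2].sent) or ""
    print(label, name, "ssl=" .. tostring(ssl) .. sent)
  end
end

run("shared", action_shared)  -- both services end up reporting the same ssl value
run("local",  action_local)   -- each service keeps its own value; caller sees the update
```

When several workers write to the same field of one table, those writes still need the serialization mentioned in the thread.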
