Updating cas disclosure statements

I did not find any protocol documentation but I assume it is a relatively simple protocol and could be easily reverse-engineered by looking at the network traffic with Wireshark.

Setting up a suitable test server or emulating it may of course be a problem unless the implementer is a C64 wizard.

updating cas disclosure statements-88

Checking whether DANE is configured properly would be a great use of NSE, combining our DNS and SSL NSE libraries into a useful script that could help security researchers and domain administrators alike.

In progress as dnssec-check-config: https://github.com/nmap/nmap/pull/497 DNS names have all sorts of special rules and things that we would like to handle better. Public suffix handling could replace the (outdated) whitelist of TLDs in

They can be discussed here and will also be moved to another section (and potentially discussed further) by the NSE team when they do periodic reviews.

Extend smbv2-enabled to enumerate the SMB versions available.

The "high-priority" section is for ideas that are definitely wanted.

Only Nmap developers should move things into these latter two categories.

Note: edit/comment on this security.stackexchange answer if/when this is done: https://security.stackexchange.com/a/155773/9209 This script can DOS an Oracle My SQL server from version 5.6.13 till 5.7.17. The script is here: https://github.com/nmap/nmap/pull/877. This script would attempt to extract a list of files, versions, and other high-level information from a server that implements Language Server Protocol.

Script args should be supported that would cause additional information -- chunks of source code, ideally -- to be exported.

Ofcourse there might also be popular protocols that are unregistered. I assume the script could try connecting to the root resource by default but in that case it won't be able to connect to Web Sockets under other resource names.


  1. That is, online dating sites use the conceptual framework of a "marketplace metaphor" to help people find potential matches, with layouts and functionalities that make it easy to quickly browse and select profiles in a manner similar to how one might browse an online store.

  2. The great versatility of Linux makes it possible to configure your system in a way that it brings out the best in each usage scenario.

  3. Show host Chris Hansen clarified in an interview with NPR News that the subjects confronted on the show should be labelled properly as potential sexual predators and not as pedophiles, which is a specially-defined clinical subclass of human psychosexuality.

  4. dont be shy and enjoy with our special telephone service.

Comments are closed.