Re: [UPDATE] security/arirang to 2.02

[Stuart Henderson]

>> On Thu, Apr 28, 2011 at 11:58:28AM +0900, jung wrote:
>>> hiya
>>>
>>> arirang 2.02
>>> - supported -T option socket connect timeout
>>> - supported -p option with multi-port scan =A0eg) -p 22,80,8080
>>> - added ariprint function in arirang script
>>> - added $ari_sport variable in arirang script
>>> - changed default processes count 30 to 60
>>> - changed default connect timeout seconds 2 to 3
>>> - changed printing style
>>> - fixed few bugs
>>>
>>> this is diff to update arirang 2.02.

arirang segfaults on amd64 with any of the .rb scripts that I've
tried if I specify a netmask, even a /32 netmask, though not for a
single host. Same happens with the in-tree version. For example:

$ arirang -R /usr/local/share/arirang/multiport.rb -h 10.15.5.0/29 
powerful webserver security scanner for network   arirang 2.02 for OpenBSD 
(amd64) 
2001,2002,2010,2011 by pilot released 2011/04/28  powered by twwwscan
                                                                                
   
starting arirang 2.02 + Ruby   http://www.monkey.org/~pilot/arirang/ 

arirang script file - /usr/local/share/arirang/multiport.rb 
arirang script examples - multi-port


10.15.5.2 - 80/tcp - Apache/1.3.29
/usr/local/share/arirang/multiport.rb:16: [BUG] Segmentation fault
ruby 1.8.7 (2011-02-18 patchlevel 334) [x86_64-openbsd4.9]


arirang scan result: 7 hosts 3.36 seconds




$ arirang -R /usr/local/share/arirang/multiport.rb -h 10.15.5.2/32
powerful webserver security scanner for network   arirang 2.02 for OpenBSD 
(amd64) 
2001,2002,2010,2011 by pilot released 2011/04/28  powered by twwwscan
                                                                                
   
starting arirang 2.02 + Ruby   http://www.monkey.org/~pilot/arirang/ 

arirang script file - /usr/local/share/arirang/multiport.rb 
arirang script examples - multi-port


10.15.5.2 - 80/tcp - Apache/1.3.29
/usr/local/share/arirang/multiport.rb:16: [BUG] Segmentation fault
ruby 1.8.7 (2011-02-18 patchlevel 334) [x86_64-openbsd4.9]


arirang scan result: 1 host 0.29 seconds





$ arirang -R /usr/local/share/arirang/multiport.rb -h 10.15.5.2    
powerful webserver security scanner for network   arirang 2.02 for OpenBSD 
(amd64) 
2001,2002,2010,2011 by pilot released 2011/04/28  powered by twwwscan
                                                                                
   
starting arirang 2.02 + Ruby   http://www.monkey.org/~pilot/arirang/ 

arirang script file - /usr/local/share/arirang/multiport.rb 
arirang script examples - multi-port


10.15.5.2 - 80/tcp - Apache/1.3.29

arirang scan result: 1 host 0.16 seconds