A further iteration of the unified scan.bro script is now in the branch topic/jazoff/scan-unified
Use of the branch isn't required though, as it is a self contained change one can just grab the https://raw.githubusercontent.com/bro/bro/31b63445ed07e2e76f98c49dd59091b1742523d1/scripts/policy/misc/scan.bro and replace the stock scan.bro with it - or better, move it to site and change the loading from misc/scan to just ./scan.bro) It is aiming to replace scan.bro so you can not run both at the same time. However, If you really wanted to you could search/replace all the identifiers that conflict with scan.bro and run both. It should behave visibly similar to current scan.bro except there is a new Random scan notice: Scan::Random_Scan 198.20.69.74 scanned at least 102 hosts on 82 ports in 4m51s and the existing notices may report for more than one port or host (up to 5) - after that it becomes a Random_Scan Address_Scan 91.236.75.4 scanned at least 102 unique hosts on ports 3128, 8080 in 4m47s -- - Justin Azoff _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
