Nmap Announce mailing list archives
Re: Plugins?
From: ubik <ubik () leviticus cert nu>
Date: Thu, 17 Dec 1998 23:03:20 -0700 (MST)
On Thu, 17 Dec 1998, HD Moore wrote:
else could write their own modular component and make it available for anybody else who wanted to use it without bloating the main nmap program.Wouldn't it be simpler to just parse log files and use scripts to check hosts for things like RPC services, SNMP, and NetBIOS shares?
Yeah, this works well in a lot of cases too, especially since utilities to dump SNMP MIBs and perform NetBIOS related stuff are generally pretty huge. Consider RPC scanning though. How many external RPC scanning utilities have you seen that will scan only a list of 20 or so specific and random ports? To use the portscan information from nmap, you have to write a custom utility anyways.
The -m option in combination with perl scripts is working great for me, and required no 'real' programming.Would this be a reasonable compromise?How would you implement the modules though? Have them do thier checks on a host after the initial portscan and OS, or a realtime parallel scan (it finds portmapper and immediately dumps rpc services). You would also have
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This isn't what I mean by RPC scanning btw. What I had in mind was having added components run on each host after portscanning and OS identification so that they would have access to all of the collected information.
to implement a filter to allow not scanning specify types of hosts. In general the modules idea seems more trouble than its worth.
I'm not exactly sure what you mean by filters, but the modular extensions probably aren't that difficult to implement. I'm just not sure that there are enough useful things you could do with them to justify it. -ubik
Current thread:
- Plugins? HD Moore (Dec 17)
- Re: Plugins? ubik (Dec 17)