Re: Plugins?

[ubik <ubik () leviticus cert nu>]

On Thu, 17 Dec 1998, HD Moore wrote:

> > else could write their own modular component and make it available for
> > anybody else who wanted to use it without bloating the main nmap program.
>
>
> Wouldn't it be simpler to just parse log files and use scripts to check
> hosts for things like RPC services, SNMP, and NetBIOS shares?

  Yeah, this works well in a lot of cases too, especially since utilities
to dump SNMP MIBs and perform NetBIOS related stuff are generally pretty
huge.  Consider RPC scanning though.  How many external RPC scanning
utilities have you seen that will scan only a list of 20 or so specific
and random ports?  To use the portscan information from nmap, you have to
write a custom utility anyways.

> The -m option in combination with perl scripts is working great for me, and
> required no 'real' programming.
>
> >  Would this be a reasonable compromise?
>
>
> How would you implement the modules though?  Have them do thier checks on a
> host after the initial portscan and OS, or a realtime parallel scan (it
> finds portmapper and immediately dumps rpc services).  You would also have
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  This isn't what I mean by RPC scanning btw.  

  What I had in mind was having added components run on each host after
portscanning and OS identification so that they would have access to all
of the collected information.  

> to implement a filter to allow not scanning specify types of hosts.  In
> general the modules idea seems more trouble than its worth.

  I'm not exactly sure what you mean by filters, but the modular
extensions probably aren't that difficult to implement.  I'm just not sure
that there are enough useful things you could do with them to justify it.

-ubik