Nmap Attack Scripting Language (NASL)

[Fyodor <fyodor () insecure org>]

One of the Google SoC projects that I'm most excited about is adding a
scripting engine to Nmap.  Don't worry Renaud, we won't really call it
NASL :).  And this doesn't mean Nmap is becoming a vulnerability
scanner.  Scripts can be used for all sorts of things.  For example,
KX's recent suggestion of looking up AS numbers and whois data.  Or
you could write a custom script to query your own proprietary
applications on your network.  Or vulnerability detection.  Or maybe
check for open proxies.  There are tons of options.

So I just wrote up a requirements doc for the project:

http://www.insecure.org/nmap/SoC/Scripting.html

Boy, SoC is a great program but it sure keeps me writing a lot of long
text files :).  The good news is that the final student selection
should be announced within the next couple days and then we'll move
toward writing code.  But doing the initial design properly is
obviously critical.  So do reply if you have suggestions.

For what it is worth, we're currently looking at LUA as the embedded
scripting language of choice.  Anyone have experience in this area?

Cheers,
-F



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev