Nmap Development mailing list archives
Re: NMAP scripts
From: eldraco <eldraco () gmail com>
Date: Fri, 15 Aug 2008 01:03:07 -0300
Ok Adam, this is ugly but it should work if you are willing to do it...

1- iptables -A OUTPUT -p tcp --dport 23022 -j DROP
2- nmap -sS -p23022 -PN -n -v xx.xx.xx.xx --script=/usr/local/share/nmap/scripts/whois.nse

Result:
1- no packets sent to xx.xx.xx.xx
2- whois executed right
3- quick

For example:

nmap -sS -p23022 -PN -n -v scanme.insecure.org --script=/usr/local/share/nmap/scripts/whois.nse

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-15 01:00 ART
Initiating SYN Stealth Scan at 01:00
Scanning 64.13.134.52 [1 port]
sendto in send_ip_packet: sendto(5, packet, 44, 0, 64.13.134.52, 16) => Operation not permitted
Offending packet: TCP me.me.me.me:52335 > 64.13.134.52:23022 S ttl=52 id=49065 iplen=44 seq=1763118709 win=1024 <mss 1460>
sendto in send_ip_packet: sendto(5, packet, 44, 0, 64.13.134.52, 16) => Operation not permitted
Offending packet: TCP me.me.me.me:52336 > 64.13.134.52:23022 S ttl=37 id=17732 iplen=44 seq=1763053172 win=2048 <mss 1460>
Completed SYN Stealth Scan at 01:00, 2.02s elapsed (1 total ports)
SCRIPT ENGINE: Initiating script scanning.
Initiating SCRIPT ENGINE at 01:00
Completed SCRIPT ENGINE at 01:00, 0.91s elapsed
Host 64.13.134.52 appears to be up ... good.
Interesting ports on 64.13.134.52:
PORT      STATE    SERVICE
23022/tcp filtered unknown

Host script results:
|  Whois: Record found at whois.arin.net
|  netrange: 64.13.134.0 - 64.13.134.63
|  netname: NET-64-13-143-0-26
|  orgname: Titan Networks
|  orgid: INSEC
|  country: US
|  stateprov: CA
|  orgtechname: Hostmaster
|_ orgtechemail: hostmaster () titan net

Read data files from: /usr/local/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 3.01 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)

I said, it is ugly.

Hope that helps.

Cheers
eldraco

On Friday 15 August 2008 00:25:35 jah wrote:
> On 14/08/2008 10:16, adam.bull () bt com wrote:
> > Hi guys
> >
> > Not a fault as such, more of a question / recommendation. I want to be able to run the nmap script WHOIS and harvest a list of IP addresses in a range, but I don't want to connect to the targets at all - just run the script!
> >
> > I've looked through the help file and there seems to be no way I can just run the script without having to at least ping or send a "-sS -p80". Is it possible to run the script without having to make any connection to the target? Kind of the opposite of what nmap was built for, but hey.
>
> Hi Adam,
>
> At present, I believe that there isn't a way to run an NSE script without scanning/pinging a target. NSE scripts depend on nmap for their targets (and some functionality not found in LUA), so it would require a good deal of hacking to run the script apart from nmap - you'd be better off scripting something with perl Net::Whois or some java-based command line client <http://www.skytouch.com/soft/java/whois.html>.
>
> Perhaps you'd be willing to scan your targets with a spoofed public IP address. Something along the lines of
>
> nmap <target> -sS -p80 --max-retries 0 -n -PN -e <your-interface-name> -S 66.249.67.205 -v --script whois
>
> Regards,
>
> jah
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
--
Ing. Sebastián García
http://minsky.surfnet.nl:11371/pks/lookup?op=get&search=0x3E42ED27F864EDE6
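As an added example (not code from the thread, from eldraco, or from the Nmap project), here is a small Python wrapper around the iptables workaround above that addresses the two things a practitioner would want before relying on it: the DROP rule is removed again even if Nmap fails, and the whois result is only accepted when Nmap's own "Raw packets sent" counter reads zero. It also turns the whois netrange field into CIDR blocks, which is the address list Adam asked about. The script path and port 23022 are taken from the thread; the sample output is constructed from eldraco's run; the nmap and iptables invocations are assumptions about the local install and need root.

```python
"""Added example (not from the thread or the Nmap project): wrap eldraco's
iptables workaround so the DROP rule is always removed again, check Nmap's
own "Raw packets sent" counter before trusting the whois result, and turn
the netrange field into CIDR blocks."""
import ipaddress
import re
import subprocess
import sys
from contextlib import contextmanager

# Values from the thread; the script path is where Nmap 4.68 kept its scripts.
WHOIS_SCRIPT = "/usr/local/share/nmap/scripts/whois.nse"
BLOCKED_PORT = 23022  # any port nobody on this host needs to reach

# Constructed sample, modelled on eldraco's run; parse_nmap_output reads this layout.
SAMPLE_OUTPUT = """\
Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-15 01:00 ART
Host 64.13.134.52 appears to be up ... good.
Interesting ports on 64.13.134.52:
PORT      STATE    SERVICE
23022/tcp filtered unknown

Host script results:
|  Whois: Record found at whois.arin.net
|  netrange: 64.13.134.0 - 64.13.134.63
|  netname: NET-64-13-143-0-26
|  orgname: Titan Networks
|  orgid: INSEC
|  country: US
|  stateprov: CA
|  orgtechname: Hostmaster
|_ orgtechemail: hostmaster () titan net

Nmap done: 1 IP address (1 host up) scanned in 3.01 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
"""


@contextmanager
def outbound_drop(port):
    """Insert an OUTPUT DROP rule for `port` and delete it on exit (needs root).
    -I puts it at the top of the chain so an earlier ACCEPT cannot let the SYN out."""
    rule = ["-p", "tcp", "--dport", str(port), "-j", "DROP"]
    subprocess.run(["iptables", "-I", "OUTPUT", *rule], check=True)
    try:
        yield
    finally:
        subprocess.run(["iptables", "-D", "OUTPUT", *rule], check=True)


def parse_nmap_output(text):
    """Pull the raw-packet counter and the whois.nse key/value lines out of
    Nmap's normal output. Returns {"raw_packets_sent": int|None, "whois": dict}."""
    m = re.search(r"Raw packets sent:\s*(\d+)", text)
    sent = int(m.group(1)) if m else None
    whois = {}
    for line in text.splitlines():
        # NSE prints "|  key: value", with "|_ key: value" on the last line.
        kv = re.match(r"^\|_?\s*([A-Za-z]+):\s*(.*)$", line)
        if kv:
            whois[kv.group(1)] = kv.group(2).strip()
    return {"raw_packets_sent": sent, "whois": whois}


def nothing_sent(text):
    """True only when Nmap itself reports that zero raw packets left the host."""
    return parse_nmap_output(text)["raw_packets_sent"] == 0


def netrange_to_networks(netrange):
    """'64.13.134.0 - 64.13.134.63' -> ['64.13.134.0/26']; a lone address -> one /32."""
    parts = [p.strip() for p in netrange.split("-")]
    first = ipaddress.ip_address(parts[0])
    last = ipaddress.ip_address(parts[-1])
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def whois_without_contact(target, nmap="nmap"):
    """Run whois.nse against `target` while outbound SYNs to BLOCKED_PORT are dropped,
    and refuse the result unless the packet counter confirms nothing was sent."""
    cmd = [nmap, "-sS", "-p", str(BLOCKED_PORT), "-PN", "-n", target,
           "--script", WHOIS_SCRIPT]
    with outbound_drop(BLOCKED_PORT):
        out = subprocess.run(cmd, capture_output=True, text=True).stdout
    if not nothing_sent(out):
        raise RuntimeError("Nmap reports raw packets were sent; discarding result")
    result = parse_nmap_output(out)
    netrange = result["whois"].get("netrange", "")
    result["networks"] = netrange_to_networks(netrange) if netrange else []
    return result


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(whois_without_contact(sys.argv[1]))
    else:
        # No target given: exercise the parsing on the constructed sample only.
        parsed = parse_nmap_output(SAMPLE_OUTPUT)
        print(nothing_sent(SAMPLE_OUTPUT), parsed["whois"]["orgname"],
              netrange_to_networks(parsed["whois"]["netrange"]))
```

The "Operation not permitted" lines in eldraco's output are the DROP rule doing its job; the counter at the end ("Raw packets sent: 0") is the evidence worth checking, and the wrapper treats anything else as a failed run rather than a partial success.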