Nmap Development mailing list archives
Re: Harnessing Service Discovery
From: David Fifield <david () bamsoftware com>
Date: Wed, 26 Nov 2008 16:05:25 -0700
On Mon, Nov 24, 2008 at 08:18:19PM +0200, Toni Ruottu wrote:
The technologies can also be combined to improved port scanners. Port scanners can use service discovery as a source of information regarding open ports. In some cases a port scanner could avoid sending any packages, if a discovery service already revealed enough information regarding the interesting ports. Service discovery can also be used to get a list of target hosts/ports to scan. In a local network, port scanning the advertised hosts could be used to verify that the services are actually running, while in a foreign network, the advertisements might reveal interesting nodes to scan (or honey pots used for port scan detection!). ------------------------------------------------------------------------ To get my hands dirty on the subject, I wrote a simple script which uses Avahi Bonjour implementation to produce an Nmap compatible XML-file that can be opened in Zenmap for inspection. I have attached the script to this email for your convenience, but I also created a Bazaar repository to Launchpad.net for those of you who'd prefer getting a branch instead.
Hi Toni. This is a neat idea. I checked out your branch and ran the program. There's a Mac OS X host on the local LAN. I attached the resulting bonmap-david.xml. It found ports 22 and 5900 on the Mac, but missed 88 which was also open. The local host is not running any kind of Zeroconf but port 9 on localhost was marked up, which it is not. (I noticed the output doesn't differentiate TCP and UDP ports. Is that information available?) This technique of an external program generating Nmap XML can be very powerful when combined with Zenmap's scan aggregation. You could do a normal port scan and then supplement the results by loading a Bonmap file. This is an interesting area of study. I admit to being almost totally ignorant about Zeroconf/Bonjour/Avahi, but networks are changing all the time so we'll need tools to deal with all the new developments. David Fifield
Attachment:
bonmap-david.xml
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Harnessing Service Discovery Toni Ruottu (Nov 24)
- Re: Harnessing Service Discovery David Fifield (Nov 26)
- Re: Harnessing Service Discovery Toni Ruottu (Nov 26)
- Re: Harnessing Service Discovery David Fifield (Nov 27)
- Re: Harnessing Service Discovery Toni Ruottu (Nov 26)
- Re: Harnessing Service Discovery David Fifield (Nov 26)