Nmap Development mailing list archives

Re: [NSE] resolveall prerule, nmap.resolve(), nmap.address_family()


From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 12 Aug 2010 18:48:18 +0200

Hi all,

Here's a (very quick) attempt at writing a script that uses both the prerule and postrule.
The prerule is used to store a custom "session name" into the Nmap registry.
The postrule reads the "session name" and posts a tweet once the scan has finished.
The tweet is sent as a public status update using the user and password supplied as script arguments.

The script leaves a lot to wish for and is meant as an example rather than something ready for use.

Regards,
//Patrik

Attachment: session-name.nse

On 12 aug 2010, at 05.42, Djalal Harouni wrote:

On 2010-08-11 02:03:14 -0500, Kris Katterjohn wrote:
I've attached a patch and new prerule script for adding new targets to Nmap
(target adding functionality is still not in trunk yet, but here's this anyway
like my snmp-interfaces changes).  The script is called resolveall and just
takes a host as its only argument, resolveall.host.

Several months ago there was discussion on Nmap scanning all addresses for a
given host name, which is a very bad idea for default behavior.  As far as I
know, nothing else came of this (no options, etc), so I decided to write this.

I've also added general functions to the nmap library: resolve(host,af) takes
a name and optional address family ("inet", etc) and returns a table with all
of the addresses; address_family() returns Nmap's o.af() value as "inet" or
"inet6" like resolve() expects.  If resolve() is not given an address family
then it doesn't care and returns all addresses.

Other scripts could find these useful since (for example) it can't determine
the address family any other way (at least not prerule scripts; portrule
scripts could look in the host table to deduce this).  But right now they just
make resolveall quite simple while still looking ahead.

To test, use Djalal's nmap-add-targets branch (until it gets merged to trunk)
with the attached patch and run resolveall with args "newtargets" and
"resolveall.host" set to a host with multiple (or single, really) addresses,
like google.com.   www.kame.net gives IPv4 and IPv6 addresses.

Again, only one additional target gets scanned for now right but Djalal is on
this.

Hi Kris,

I've fixed the bug, so you can go ahead and update your code to add
all the new targets (IPs or Hostnames). I've also done some changes on
the target.lua library, it's documented.
For anyone who wants to play with this, you can check out:
svn co --username=guest --password="" \
svn://svn.insecure.org/nmap-exp/djalal/nmap-add-targets

The feature will let prerule, portrule and hostrule scripts add
targets to Nmap. Targets are IPs or hostnames and even networks with
CIDR notation or other target specification supported by Nmap, but
perhaps this will change and we should include some network filtering
features and allow only IPs and hostnames, what do you think?
Adding networks will make it difficult to filter and if we parse the net
block then it would consume a lot of memory ...

Excluded targets and max hosts per group features are honored, and you
can count on them, so if you specify an excluded target with
--exclude nmap.org, then even if a script adds it, it will not be
scanned. The same thing for min-hostgroup/max-hostgroup.

I'll try to do more tests, thx.

-- 
tixxdz
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
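
The prerule/postrule hand-off through the Nmap registry described in the message above, as an added sketch that is not the attached session-name.nse and not code from the list. The script argument `session.name` and the registry key `session_example` are hypothetical names chosen here, and the tweet step is left out so the postrule only reports the result locally.

```lua
-- Added illustration of a prerule/postrule pair sharing state via nmap.registry.
local nmap = require "nmap"
local stdnse = require "stdnse"

description = [[
Stores a session name before scanning starts and reports it, with the
elapsed time, after the scan has finished.
]]
author = "added example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe"}

-- Both rules return true so the script runs once before and once after the scan.
prerule = function() return true end
postrule = function() return true end

-- Hypothetical registry key; a script-specific name avoids clashing with
-- entries written by other scripts, since the registry is shared.
local REG_KEY = "session_example"

local function preaction()
  -- "session.name" is a hypothetical script argument; fall back to a default.
  local name = stdnse.get_script_args("session.name") or "unnamed"
  nmap.registry[REG_KEY] = { name = name, started = os.time() }
  -- Returning nil produces no script output for the prerule phase.
end

local function postaction()
  local session = nmap.registry[REG_KEY]
  if not session then
    -- The prerule did not run or the entry was removed: report nothing
    -- rather than failing on a nil index.
    return nil
  end
  local elapsed = os.time() - session.started
  return ("Session %q finished after %d seconds"):format(session.name, elapsed)
end

-- SCRIPT_TYPE is set by NSE to the rule that triggered this invocation.
local actions = { prerule = preaction, postrule = postaction }

action = function(...)
  return actions[SCRIPT_TYPE](...)
end
```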