Nmap Development mailing list archives
Re: Adding new NSE discovered targets to Nmap
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 12 Aug 2010 18:33:58 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/12/2010 09:06 AM, Djalal Harouni wrote:
* If we took scanme.nmap.org as an example: scanme.nmap.org == 64.13.134.52 target.add("scanme.nmap.org","64.13.134.52") this code will add two new targets. Nmap will do the DNS lookup for us and will scan the same IP twice, so should we add NSE DNS lookup functions (Kris has already done some part of it, in his resolveall prerule script [1]) and do the DNS lookup in target.add() function ? Personally I prefer to allow only IPs targets for the moment and when we have a better target filtering engine that checks for already processed IPv4/IPv6 in TargetGroup::parse_expr() and nexthost() functions, then we should allow hostnames and different network specifications that are supported by Nmap, and we could even use a vector to store the new added targets instead of a tree so it will be easy to read and remove the targets from the new_targets_cache vector. Any new NSE valid IP checking should go in the ipOps.lua library. To sum it up: I'm for allowing only new IPs for the moment and make adding new hostnames and networks targets future features, what do you think ?
I think some DNS resolving functionality (like my nmap.resolve() patch which gives all addresses) should be present for scripts (prerule or not). This gives scripts control over what address or addresses are used. If target name adding is supported and a script just hands target.add() a name, then Nmap can look it up and choose the first address. So regardless of the current support for names in target.add(), I think script should be given (at least optional) control. However, unless I'm mistaken, if names aren't supported, something like nmap.resolve() becomes necessary if users pass names to prerule scripts which could get added as targets (otherwise prerule target-adding scripts don't support names either, which would suck). Even though scripts could resolve names with nmap.resolve() and pass the address(es) to Nmap, I think adding target names should be supported unless there's quite a good reason not to. Making every script resolve names themselves doesn't seem right, especially if the script doesn't care and would behave as Nmap does anyway by just picking one. Using nmap.resolve() is easy, but I'm not sure if it's worth using in scripts which don't actually require it or care in place of target.add() supporting names. Cheers, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJMZITlAAoJEEQxgFs5kUfukYkP/3LVsVLCDlse4ihtEXTSHCpV IMK/YS1D4OQbCqFY6nJRMdAZm7KJDYhXvAh/pGPryFbjXeIzbNPMajkk7zgsTwjR 5g3QwYJ6nuFWSfwiPJcZ9NGiFPIYiQ1jc2YxH4Z82ZDoLPqHze9cx0Mh95mSqYFy Xkfc0di3kZw9RaiskvJqbQWXLzQrmuMx/AAhSjZ/Zfpy/9N+cSkc1cFYtTXgjArr mc2BQ/9wlchv4joRBhcU0I320BI52CMl0K80L2VYSNXD4lyD0qGTEux2Z/UgI+Q+ f2aQJzCl9lcitRg2eI1/KR1TFpBm9sWyfmsFnKKd7KeerP/qU63WiAEmGVTVdt1B bRoEAZbcVcnYiucMs+sF/WSMOxpP1x9GLvmFeurRBCDVmRQSseVAVQrs6IvAcM0j gt07j85aCbc8sKlZn9kvnh5qBc7pC5pw/uXEwZ+isxtH+qQDM5iZDxhiunKj3jg/ WWNXuznmuwANHKrZFXceEpJn4hyqClnKohsXOnDVegN5voHVCXtycCTKRSbdZLnM nwvnTKM/cBmkilqIT8fXuKAuas+oQG2wk7hOXYYV2HMduS2bK4UBjiCP/Qs0WbTd LZjljOa97dXnxD/U4sRzhKEJ5gmZ6AWhwNN0hZUtqK6c0crKLqAuupJ5IXLOdpkT YIVQ9fg20z8djX1pjE1H =CI3r -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Receiving broadcasts in Nsock, (continued)
- Re: Receiving broadcasts in Nsock David Fifield (Sep 19)
- Re: Receiving broadcasts in Nsock Patrik Karlsson (Sep 21)
- Re: Receiving broadcasts in Nsock David Fifield (Sep 30)
- Re: Receiving broadcasts in Nsock Patrik Karlsson (Sep 30)
- Re: Receiving broadcasts in Nsock David Fifield (Sep 30)
- Re: Adding new NSE discovered targets to Nmap Djalal Harouni (Aug 12)
- Re: Adding new NSE discovered targets to Nmap Djalal Harouni (Aug 31)
- Re: Adding new NSE discovered targets to Nmap David Fifield (Sep 06)
- Re: Adding new NSE discovered targets to Nmap Djalal Harouni (Sep 10)