Nmap Development mailing list archives
[RFC][NSE] FTP bounce scan implemented as NSE script
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 11 Feb 2014 14:46:24 -0600
List,

FTP bounce scans are ancient, but Nmap remains one of the tools that is used to perform them. I recently refactored the FTP bounce scan code out of the rest of Nmap's files into nmap_ftp.{h,cc}, with the goal of replacing it with an NSE script. The attached script is my attempt to clone the logic in nmap_ftp.cc.

I have run it against scanme.nmap.org via several servers on the Internet, and the results are inconclusive: No server gives a completely accurate scan. I have also failed to set up a vulnerable FTP server, since pretty much every ftpd will now refuse PORT commands with third-party IP addresses.

I need testers, and I need eyes on this code. I suspect that it could be made cleaner, and I think there is room for accuracy improvement, but I don't have a good test environment to be sure.

Thanks,
Dan
Attachment:
ftp-bounce-scan.nse
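
The message above notes that most ftpds now refuse PORT commands naming a third-party IP address. The following sketch of that server-side check is an added example, not part of the original post and not code from Nmap or any particular ftpd. The function names, reply texts, sample addresses (documentation ranges) and the `min_port` threshold are assumptions for illustration.

```python
import ipaddress
import re

# PORT argument format from RFC 959: h1,h2,h3,h4,p1,p2 (six decimal fields)
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$",
                     re.IGNORECASE)

def parse_port(line):
    """Return (IPv4Address, port) for a PORT command line, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None  # each field must fit in one octet
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return ip, fields[4] * 256 + fields[5]

def check_port(line, peer_ip, min_port=1024):
    """Decide the reply to a PORT command.

    peer_ip is the source address of the control connection. The data
    connection may only go back to that same host, which is what stops
    the server from being used to reach a third party. Rejecting ports
    below min_port follows the recommendation in RFC 2577.
    Reply codes and texts here are illustrative (hypothetical).
    """
    parsed = parse_port(line)
    if parsed is None:
        return 501, "Syntax error in PORT arguments"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(peer_ip):
        return 500, "Illegal PORT command: address is not the client's"
    if port < min_port:
        return 500, "Illegal PORT command: privileged port"
    return 200, "PORT command successful"

# Constructed sample input: (command line, control-connection peer address)
SAMPLES = [
    ("PORT 198,51,100,7,0,22\r\n", "192.0.2.10"),   # third-party address
    ("PORT 192,0,2,10,0,80\r\n", "192.0.2.10"),     # own address, port 80
    ("PORT 192,0,2,10,195,80\r\n", "192.0.2.10"),   # own address, port 50000
    ("PORT 192,0,2,10,300,1\r\n", "192.0.2.10"),    # field out of range
]

def run_samples():
    """Return the reply code chosen for each constructed sample."""
    return [check_port(line, peer)[0] for line, peer in SAMPLES]

if __name__ == "__main__":
    for (line, peer), code in zip(SAMPLES, run_samples()):
        print(f"{peer:<12} {line.strip():<28} -> {code}")
```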