Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: exploits with nmap

From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Tue, 23 Feb 2016 23:12:33 +0530
Hi Tabish,

Most scripts under the 'default' category are run automatically depending
on the scan results. There are 4 rules 'post rule', 'pre rule', 'port rule'
and 'host rule'. Post rule scripts are run after all the hosts are scanned,
while pre rule scripts are run before even one host is scanned. Port rule
scripts are run on ports or services determined as one of open,
open|filtered, unfiltered by the port scan(after scanning a batch of
hosts), which I guess is what you are trying to pitch. We also have
hostrule scripts that take in a host table and run against matching hosts,
after a batch of hosts is scanned.

Hope I could help. For more see this link[1].

Cheers,
Gyani

[1]https://nmap.org/book/nse-script-format.html



ᐧ

On Tue, Feb 23, 2016 at 10:55 PM, tabish imran <tabish.imran96 () gmail com>
wrote:


Thanks gyanendra , there's something that I'm planning to work on in my
free time

a nse script which suggests you scripts to run ( or runs them on your
behalf if you chose to do so ) depending on the output of your scans ..

For example, if it finds mysql running on a host , it could run related
scripts like mysql-info or mysql-users.

The user could pass script parameters like safe or intrusive and the
script would handle the rest.

Would love to hear your thoughts about this .

Thanks..
On 22-Feb-2016 8:42 pm, "Gyanendra Mishra" <anomaly.the () gmail com> wrote:


HI Tabish,

We do have scripts that come under the "exploit" category and aim to
actively exploit  some vulnerability. Look at [1] for more.

Cheers,
Gyanendra

[1]https://nmap.org/book/nse-usage.html


ᐧ

On Sun, Feb 21, 2016 at 9:46 PM, tabish imran <tabish.imran96 () gmail com>
wrote:


hi nmap devs , i was wondering what you guys think about adding exploit
scripts in nmap , i realize there are scripts for detecting stuff like csrf
etc , how about scripts which could exploit the vulnerabilities.

~newbie
~also a huge fan

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/





_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: