Nmap Development mailing list archives
A formal language for NMAP?
From: Lorenzo Rossi <tacchino801 () libero it>
Date: Sat, 14 Feb 2004 18:56:11 +0100
Hi,

I'm new to nmap. I tested it and I did not find one useful option... but before saying stupid things, I would like to show you my simple considerations. ..sorry for the language...

Looking at nmap, xprobe2 and hping2, they are powerful tools, and each of them gives you its best on a particular network topology and against a particular organization security policy. None of them has the ability to save the results of the performed probes in a formal language. If I'm wrong, please do not care about the lines below.

Now you are thinking I'm crazy... :) Let me explain..

Suppose for a while you have to do a pen-test and you would like to use some characteristics of each tool in a particular step of the penetration activity, and store the result of the step to be manually or automatically analyzed for considerations on how to proceed to the next step. Each of the tools mentioned above gives you the result with its own syntax, and they process the results. I think it could be useful to have the collected data stored in a formal language and without any processing applied to it. Doing so, it will be possible to create external programs, like pen-test frameworks, with some decisional capability that you build your own, that take the input from a program like nmap and proceed to the next step of the pen-test activity, with decisions based on the information they have from the step before.

For example:

You set the constraints of the framework:
- If you would like to minimize the traffic or if you would like precise information.
- If you would like to use a particular protocol or you would like to use first ICMP then TCP, and the order of the various types of messages sent.
..etc..etc..

The core of the framework, a sort of decision module, starts a program performing a traceroute; it stores the IP and the order of the hops to the target. Then it uses xprobe2 to test what types of ICMP messages are filtered by the routers along the path. Then based on the results it decides whether to continue to use Xprobe2 or shift to using nmap ...etc...etc... and so on, based on how complex and intelligent the core of the framework is.

Do you think that it could be useful to have an nmap option to write the results of probes in a formal language without any processing? Simply use nmap or xprobe2 or other programs to generate packets, collect the answers and write the snapshot of what has happened in a formal language.

What do you think? If I have said stupid things, please do not kill me... :)

L.

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org