Nmap Development mailing list archives
Re: adding this option?
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 15 Jan 2008 20:42:32 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 15 Jan 2008 20:03:51 +0000 "Eddie Bell" <ejlbell () gmail com> wrote:

> Hey guys, would something like this be useful?
>
> bash> cat commands
> SSH-1.0-test_2.0
>
> bash> ./nmap -sT -p22 localhost --script=./scripts/payloadInject.nse --script-args port=22,file=./commands
>
> PORT   STATE SERVICE REASON
> 22/tcp open  ssh     syn-ack
> | payload-inject:
> | 53 53 48 2d 32 2e 30 2d 4f 70 65 6e 53 53 48 5f SSH-2.0-OpenSSH_
> | 34 2e 36 70 31 20 44 65 62 69 61 6e 2d 35 75 62 4.6p1 Debian-5ub
> | 75 6e 74 75 30 2e 31 0a 50 72 6f 74 6f 63 6f 6c untu0.1.Protocol
> | 20 6d 61 6a 6f 72 20 76 65 72 73 69 6f 6e 73 20  major versions
> |_64 69 66 66 65 72 2e 0a differ..
>
> It reads a file, sends the content to a remote service (user defined through --script-args) and displays the results in hex and ascii. It's not ready for production yet but I hope you get the general idea. If it is something people want I'll finish it off.
>
> cheers
> - eddie

Hi Eddie.

I like how you've implemented this as an NSE script rather than mucking with other things. The script _is_ useful but provides about the same thing that can be accomplished with a custom service probe and --version-trace.

In order to make this script really worth it, I think it would need to contain multiple commands like so:

# Send everything between the opening { and closing }
payload[0] {
\x01\x02\x03\x04hello btw, escape closing any closing \} with \\.\x00
}

# If some response is received, send next command
payload[1] {
send more crap\n\r\x00
}

Sending multiple payloads might be too much work for a generic NSE script for only marginal gain. If that is the case, do we need a single payload-inject which is only marginal gain over netcat/-sV/custom NSE script/etc?

One script that would be really neat would be a -sV implementing NSE script. That is, I could give the script a service probe file and it would send the probes to the ports and run them through PCRE. I really hate mucking with nmap-service-probes when I'm testing a one-off probe/match. Arbitrary limitations could be put on the custom probe file like only one probe and match or one probe, many matches, etc. This too would be a lot of work though for only marginal gain.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHjRq4qaGPzAsl94IRAkGRAJwMxTDub29whEJfUkCyYGkJ1NzxFQCfc0tU
obam/R5V24IRMmevPz7ysIU=
=GXgL
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
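The multi-payload file format sketched in the reply above (a `payload[N] { ... }` block per message, `\}` and `\\` escaped, the next payload sent only if the previous one drew a response) and the hex/ascii output of Eddie's script, worked through as an added example. This is editor-written Python, not nmap code and not the NSE script discussed in the thread; Python is used instead of Lua so it runs stand-alone without nmap's `nmap`/`stdnse` libraries. The escape rules (`\xNN`, `\n`, `\r`, `\t`, `\0`, `\\`, `\}`) and the decision to treat one newline after `{` and one before `}` as layout rather than payload are assumptions about the sketch, and the toy server, sample file and port are constructed for the demo.

```python
"""Parse a multi-payload file and fire the payloads at a TCP service in
order, hexdumping each reply.  Added example; assumptions are marked."""
import re
import socket
import socketserver
import threading

# Constructed sample in the proposed format (escape rules are assumptions).
SAMPLE_PAYLOAD_FILE = r"""
# Send everything between the opening { and closing }
payload[0] {
\x01\x02\x03\x04hello, escape any closing \} with \\.\x00
}
# If some response is received, send next command
payload[1] {
send more crap\n\r\x00
}
payload[2] {
never sent if payload[1] gets no reply
}
"""

_BLOCK_RE = re.compile(r"payload\[(\d+)\]\s*\{")
_SIMPLE_ESCAPES = {"n": b"\n", "r": b"\r", "t": b"\t", "0": b"\x00",
                   "\\": b"\\", "}": b"}", "{": b"{"}


def _unescape(body: str) -> bytes:
    """Turn the text between the braces into the raw bytes to send."""
    out = bytearray()
    i = 0
    while i < len(body):
        ch = body[i]
        if ch != "\\":
            out += ch.encode("latin-1")
            i += 1
            continue
        nxt = body[i + 1] if i + 1 < len(body) else ""
        if nxt == "x" and i + 3 < len(body):          # \xNN -> one byte
            out.append(int(body[i + 2:i + 4], 16))
            i += 4
        elif nxt in _SIMPLE_ESCAPES:
            out += _SIMPLE_ESCAPES[nxt]
            i += 2
        else:
            raise ValueError(f"bad escape at offset {i}: {body[i:i + 2]!r}")
    return bytes(out)


def parse_payload_file(text: str) -> list[bytes]:
    """Return the payload bodies in index order.  Lines outside a block
    (e.g. '#' comments) are ignored; a '}' preceded by a backslash does
    not close the block."""
    found = []
    pos = 0
    while (m := _BLOCK_RE.search(text, pos)):
        j = m.end()
        while j < len(text):
            if text[j] == "\\":
                j += 2                   # skip the escaped character
                continue
            if text[j] == "}":
                break
            j += 1
        else:
            raise ValueError(f"payload[{m.group(1)}] has no closing brace")
        body = text[m.end():j]
        # Assumption: one newline right after '{' / before '}' is layout.
        if body.startswith("\n"):
            body = body[1:]
        if body.endswith("\n"):
            body = body[:-1]
        found.append((int(m.group(1)), _unescape(body)))
        pos = j + 1
    found.sort()
    return [p for _, p in found]


def hexdump(data: bytes, width: int = 16) -> str:
    """Hex on the left, printable ASCII (non-printables as '.') on the right."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{hexpart}  {asc}")
    return "\n".join(lines)


def inject(host: str, port: int, payloads: list[bytes], timeout: float = 2.0) -> list[bytes]:
    """Send payloads in order; stop after the first one that draws no reply
    (timeout or EOF).  Returns one reply per answered payload.  Note that a
    single recv() may return only the first segment of a longer reply."""
    replies = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        for p in payloads:
            s.sendall(p)
            try:
                data = s.recv(4096)
            except socket.timeout:
                data = b""
            if not data:
                break
            replies.append(data)
    return replies


class _ToyHandler(socketserver.BaseRequestHandler):
    """Constructed stand-in for a real service: answers the first payload
    with a banner, swallows the second without replying, then closes."""
    def handle(self):
        if self.request.recv(4096):
            self.request.sendall(b"SSH-2.0-toy\r\nProtocol major versions differ.\n")
        self.request.settimeout(1.0)
        try:
            self.request.recv(4096)      # payload[1] arrives, goes unanswered
        except socket.timeout:
            pass


def run_demo(payload_text: str = SAMPLE_PAYLOAD_FILE) -> tuple[int, list[bytes]]:
    """Parse the sample, run it against the toy server on a loopback port,
    print the hexdumps and return (payloads parsed, replies received)."""
    payloads = parse_payload_file(payload_text)
    srv = socketserver.TCPServer(("127.0.0.1", 0), _ToyHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        replies = inject("127.0.0.1", srv.server_address[1], payloads)
    finally:
        srv.shutdown()
        srv.server_close()
    for r in replies:
        print(hexdump(r))
    return len(payloads), replies


if __name__ == "__main__":
    run_demo()
```

Against the toy server three payloads parse, payload[0] is answered, payload[1] gets no reply, so payload[2] is never sent; that stop condition is the "if some response is received, send next command" rule from the reply. Pointing `inject()` at a real SSH port reproduces what Eddie's output shows: the banner followed by the "Protocol major versions differ." error, possibly across more than one recv().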
Current thread:
- adding this option? mike (Jan 13)
- Re: adding this option? DePriest, Jason R. (Jan 13)
- Re: adding this option? Eddie Bell (Jan 15)
- Re: adding this option? Brandon Enright (Jan 15)
- Re: adding this option? Eddie Bell (Jan 15)
- Re: adding this option? Diman Todorov (Feb 01)
- Re: adding this option? Eddie Bell (Jan 15)
- Re: adding this option? DePriest, Jason R. (Jan 13)