Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

does nmap already do this?

From: mike <dmciscobgp () hotmail com>
Date: Sat, 16 Aug 2008 00:46:26 +0000

Hello
I was scanning with nmap today and noticed something that could possibly be added (unless it already is somewhere and i 
don't see it)
 
why not include in the output after a scan in the nmap-services output section the name of the actual EXE/application 
that created the socket?
 
i was scanning the machine my roommate has upstairs and i found these items:
1025/tcp open          unknown                       syn-ack6646/tcp open          Mcafee-Network-Agent          
syn-ack9485/tcp open          DISCover-Stream-Hub           syn-ack
 
now i already realize the tcp port 1025 is an RPC based service that needs querying which nmap does not support for 
windows at the moment. the other services are what i want you to look at. it is a Hewlett-Packard machine. i actually 
went upstairs and did a verification of what applications actually created these sockets by doing a simple taskmgr 
dump. i simply added those service names to the file "nmap-services". what i wanted to show you was an application path 
example. here is the one for DISCover Stream Hub>> 
 
Application: C:\Program Files\DISC\DiscStreamHub.exeParent: C:\Program Files\DISC\DISCover.exeProtocol: TCP 
InDestination: 0.0.0.0::9485
 
now i don't want nmap to clutter the output afer a scan with EVERYTHING! i simply feel it would be quite nice to have 
the name of the application or path that created the listening socket. anyone agree? i am not the coder here, so i am 
simply throwing out the idea to you guys. think about it. if you had the exact name of the path and what opened the 
socket, you could go right into trying to run your exploits or whatever else you care to use. it takes the guesswork 
out of alot of things
 
as far as how these application paths would be added to nmap,i simply recommend we add them to a database just like any 
other way we submit things here. ok, i did my part. the idea is out there, so embrace it or shoot it down
 
thank you
Mike

_________________________________________________________________
Talk to your Yahoo! Friends via Windows Live Messenger.  Find out how.
http://www.windowslive.com/explore/messenger?ocid=TXT_TAGLM_WL_messenger_yahoo_082008

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: