Nmap Development mailing list archives
does nmap already do this?
From: mike <dmciscobgp () hotmail com>
Date: Sat, 16 Aug 2008 00:46:26 +0000
Hello I was scanning with nmap today and noticed something that could possibly be added (unless it already is somewhere and i don't see it) why not include in the output after a scan in the nmap-services output section the name of the actual EXE/application that created the socket? i was scanning the machine my roommate has upstairs and i found these items: 1025/tcp open unknown syn-ack6646/tcp open Mcafee-Network-Agent syn-ack9485/tcp open DISCover-Stream-Hub syn-ack now i already realize the tcp port 1025 is an RPC based service that needs querying which nmap does not support for windows at the moment. the other services are what i want you to look at. it is a Hewlett-Packard machine. i actually went upstairs and did a verification of what applications actually created these sockets by doing a simple taskmgr dump. i simply added those service names to the file "nmap-services". what i wanted to show you was an application path example. here is the one for DISCover Stream Hub>> Application: C:\Program Files\DISC\DiscStreamHub.exeParent: C:\Program Files\DISC\DISCover.exeProtocol: TCP InDestination: 0.0.0.0::9485 now i don't want nmap to clutter the output afer a scan with EVERYTHING! i simply feel it would be quite nice to have the name of the application or path that created the listening socket. anyone agree? i am not the coder here, so i am simply throwing out the idea to you guys. think about it. if you had the exact name of the path and what opened the socket, you could go right into trying to run your exploits or whatever else you care to use. it takes the guesswork out of alot of things as far as how these application paths would be added to nmap,i simply recommend we add them to a database just like any other way we submit things here. ok, i did my part. the idea is out there, so embrace it or shoot it down thank you Mike _________________________________________________________________ Talk to your Yahoo! Friends via Windows Live Messenger. Find out how. http://www.windowslive.com/explore/messenger?ocid=TXT_TAGLM_WL_messenger_yahoo_082008 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- does nmap already do this? mike (Aug 15)
- Re: does nmap already do this? Brandon Enright (Aug 15)
- Re: does nmap already do this? Michael Pattrick (Aug 15)
- Re: does nmap already do this? DePriest, Jason R. (Aug 15)
- Re: does nmap already do this? Brandon Enright (Aug 15)