Nmap Development mailing list archives

Re: Boolean Operators for --script (again)


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 8 Apr 2009 00:54:51 +0000


Patrick,

Is it possible with this patch to specify something like --script="all and not (telnet-brute, whois)"?

Brandon


On Tue, 7 Apr 2009 18:52:11 -0600
Patrick Donnelly <batrick.donnelly () gmail com> wrote:

Attached is a patch similar to [1] that allows a user to specify
categories with boolean operators. The engine uses Lua to compile the
comma-delimited "rules" and global variables to neatly achieve this.

A couple examples:

batrick@li50-61:~/nmap/svn/nmap$ ./nmap -d2 --script "Default and Intrusive" localhost
Fetchfile found ./nmap-services
Starting Nmap 4.85BETA7 ( http://nmap.org ) at 2009-04-07 17:43 MST
[...]
NSE: Loaded 7 scripts for scanning.
NSE: Loaded 'dns-zone-transfer.nse'.
NSE: Loaded 'dns-recursion.nse'.
NSE: Loaded 'http-open-proxy.nse'.
NSE: Loaded 'ftp-bounce.nse'.
NSE: Loaded 'http-auth.nse'.
NSE: Loaded 'ssh-hostkey.nse'.
NSE: Loaded 'ms-sql-info.nse'.
[...]


batrick@li50-61:~/nmap/svn/nmap$ ./nmap -d2 --script "Default and not Intrusive" localhost
Starting Nmap 4.85BETA7 ( http://nmap.org ) at 2009-04-07 17:44 MST
[...]
NSE: Loaded 17 scripts for scanning.
NSE: Loaded 'mysql-info.nse'.
NSE: Loaded 'smb-os-discovery.nse'.
NSE: Loaded 'irc-info.nse'.
NSE: Loaded 'upnp-info.nse'.
NSE: Loaded 'auth-owners.nse'.
NSE: Loaded 'smtp-commands.nse'.
NSE: Loaded 'realvnc-auth-bypass.nse'.
NSE: Loaded 'nbstat.nse'.
NSE: Loaded 'rpcinfo.nse'.
NSE: Loaded 'sshv1.nse'.
NSE: Loaded 'pop3-capabilities.nse'.
NSE: Loaded 'sslv2.nse'.
NSE: Loaded 'finger.nse'.
NSE: Loaded 'snmp-sysdescr.nse'.
NSE: Loaded 'ftp-anon.nse'.
NSE: Loaded 'html-title.nse'.
NSE: Loaded 'robots.txt.nse'.
[...]


batrick@li50-61:~/nmap/svn/nmap$ ./nmap -d2 --script "auth, demo or default" localhost
Starting Nmap 4.85BETA7 ( http://nmap.org ) at 2009-04-07 17:49 MST
[...]
NSE: Loaded 32 scripts for scanning.
NSE: Loaded 'dns-zone-transfer.nse'.
NSE: Loaded 'dns-recursion.nse'.
NSE: Loaded 'smtp-open-relay.nse'.
NSE: Loaded 'snmp-brute.nse'.
NSE: Loaded 'http-open-proxy.nse'.
NSE: Loaded 'mysql-info.nse'.
NSE: Loaded 'pop3-brute.nse'.
NSE: Loaded 'ftp-bounce.nse'.
NSE: Loaded 'smb-os-discovery.nse'.
NSE: Loaded 'irc-info.nse'.
NSE: Loaded 'ftp-brute.nse'.
NSE: Loaded 'upnp-info.nse'.
NSE: Loaded 'auth-owners.nse'.
NSE: Loaded 'http-auth.nse'.
NSE: Loaded 'http-auth.nse'.
NSE: Loaded 'ssh-hostkey.nse'.
NSE: Loaded 'smtp-commands.nse'.
NSE: Loaded 'realvnc-auth-bypass.nse'.
NSE: Loaded 'nbstat.nse'.
NSE: Loaded 'smb-brute.nse'.
NSE: Loaded 'rpcinfo.nse'.
NSE: Loaded 'sshv1.nse'.
NSE: Loaded 'ms-sql-info.nse'.
NSE: Loaded 'pop3-capabilities.nse'.
NSE: Loaded 'sslv2.nse'.
NSE: Loaded 'finger.nse'.
NSE: Loaded 'snmp-sysdescr.nse'.
NSE: Loaded 'telnet-brute.nse'.
NSE: Loaded 'ftp-anon.nse'.
NSE: Loaded 'ftp-anon.nse'.
NSE: Loaded 'html-title.nse'.
NSE: Loaded 'robots.txt.nse'.
[...]



Categories are still case insensitive but the boolean operators must
be lower case. The only possible problem with this new feature is one
could explicitly specify "version", although I don't see it as a big deal:

./nmap --script "not not version" localhost

Cheers,

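The mechanism Patrick describes, compiling each comma-separated rule as a Lua expression whose free names resolve to the script's categories, is shown below as an added, stand-alone example. It is not the attached patch and not Nmap code: the function names, the small script catalog (memberships chosen only to agree with the three runs quoted above), the hypothetical `example-version.nse` entry and the treatment of `all` as always true are all assumptions made for the illustration.

```lua
-- Added example (not the patch from the thread): evaluate boolean --script
-- rules by compiling each rule as a Lua expression in an environment whose
-- globals are the category names of the script being tested.

-- Compile "return <expr>" with a custom global environment.
-- Works on Lua 5.1 (loadstring/setfenv) and Lua 5.2+ (load with env).
local function compile_rule(expr, env)
  if setfenv then
    local chunk, err = loadstring("return " .. expr, "rule")
    if not chunk then return nil, err end
    setfenv(chunk, env)
    return chunk
  end
  return load("return " .. expr, "rule", "t", env)
end

-- Environment for one script: each category it belongs to reads as true,
-- every other name reads as false. Lookups are lower-cased, so category
-- names are case insensitive; and/or/not are Lua keywords and therefore
-- stay lower case, as the message notes. "all" is treated as always true
-- (assumption, mirroring the existing meaning of --script all). Because
-- the table is otherwise empty, a rule cannot reach os, io or any other
-- library: those names simply read as false.
local function category_env(categories)
  local member = {}
  for _, c in ipairs(categories) do member[c:lower()] = true end
  return setmetatable({}, {
    __index = function(_, name)
      name = name:lower()
      return name == "all" or member[name] or false
    end,
  })
end

-- Split the --script argument on commas into individual rules.
local function split_rules(spec)
  local rules = {}
  for piece in spec:gmatch("[^,]+") do
    local rule = piece:match("^%s*(.-)%s*$")
    if rule ~= "" then rules[#rules + 1] = rule end
  end
  return rules
end

-- A script is selected when any one of the comma-separated rules is true.
local function selected(categories, spec)
  local env = category_env(categories)
  for _, rule in ipairs(split_rules(spec)) do
    local chunk, err = compile_rule(rule, env)
    if not chunk then error("bad --script rule '" .. rule .. "': " .. err) end
    if chunk() then return true end
  end
  return false
end

-- Sorted names of the catalog entries matched by spec; each script is
-- tested once against all rules, so a name is never listed twice.
local function select_scripts(catalog, spec)
  local names = {}
  for name, cats in pairs(catalog) do
    if selected(cats, spec) then names[#names + 1] = name end
  end
  table.sort(names)
  return names
end

-- Constructed catalog: memberships chosen to agree with the three runs
-- quoted above, not taken from Nmap's script database. The last entry is
-- a hypothetical name standing in for any script in the version category.
local catalog = {
  ["ssh-hostkey.nse"]     = {"default", "intrusive"},
  ["ftp-anon.nse"]        = {"default", "auth"},
  ["telnet-brute.nse"]    = {"auth", "intrusive"},
  ["example-version.nse"] = {"version"},
}

for _, spec in ipairs({
  "Default and Intrusive",
  "Default and not Intrusive",
  "auth, demo or default",
  "not not version",   -- selects version scripts without -sV
}) do
  print(string.format("--script %q -> %s", spec,
    table.concat(select_scripts(catalog, spec), " ")))
end
```

Two things a reader of the thread may want to check against this model. First, the rule text is real Lua: a hyphen cannot appear in a Lua identifier, so an operand such as `telnet-brute` in Brandon's example would be parsed as the subtraction `telnet - brute`, and `(telnet-brute, whois)` is not a valid expression at all, quite apart from the comma splitting the rule in two; operands in this model are category names only. Second, `http-auth.nse` and `ftp-anon.nse` each appear twice in the "auth, demo or default" run above, which is what happens when scripts are collected per rule rather than tested once against every rule, as `select_scripts` does here.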

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
