Nmap Development mailing list archives
Re: Ncrack: -iX, -iN input from Nmap
From: David Fifield <david () bamsoftware com>
Date: Wed, 26 Aug 2009 11:40:38 -0600
On Wed, Aug 26, 2009 at 06:11:02PM +0300, ithilgore wrote:
I just finished implementing two new options for Ncrack: -iX and -iN. These options let the user specify the attacked targets/services using Nmap's XML and Normal output files correspondingly. Ncrack is going to parse Nmap's output file and will see which ports are open and to which hostnames/IP-addresses these ports correspond so that it uses these as its targets. In addition, if Nmap's version detection is enabled, Ncrack is also going to use this additional info to crack services that listen on non-default ports. For example, there might be a SSH Service listening on a port other than 22, which Nmap's version detection is probably going to detect. That information is stored in Nmap's output files and is consequently used by Ncrack to deduce which module to use for those non-default-port services. If a service is not supported by Ncrack's modules, it is going to be ignored. I have tested both options against a variety of files, however more testing is going to be needed, especially with the -iN option since Nmap's -oN format is more loose than the XML one.
There seems to be something wrong with extraports handling in -iX. Ncrack finds the ssh service with # nmap localhost <ports><extraports state="closed" count="997"> <extrareasons reason="resets" count="997"/> </extraports> <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ssh" method="table" conf="3" /></port> <port protocol="tcp" portid="631"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ipp" method="table" conf="3" /></port> <port protocol="tcp" portid="6000"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="X11" method="table" conf="3" /></port> </ports> But it doesn't work with # nmap -p 22 localhost <ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ssh" method="table" conf="3" /></port> </ports> No services specified! QUITTING! Opening an XML file in Zenmap and saving it again changes the file format enough that it's not recognized. $ ncrack -iX zenmap.xml -v -v localhost -iX file doesn't seem to be in Nmap's XML output format option -oX <filename>! QUITTING! A lightweight XML parser would be better than pattern matching, but I can sympathize with the difficulty there. The fact that we couldn't find a small C or C++ XML library with a suitable license is one of the reasons Ndiff is written in Python. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Ncrack: -iX, -iN input from Nmap ithilgore (Aug 26)
- Re: Ncrack: -iX, -iN input from Nmap David Fifield (Aug 26)
- Re: Ncrack: -iX, -iN input from Nmap ithilgore (Aug 26)
- Re: Ncrack: -iX, -iN input from Nmap David Fifield (Aug 26)
- Re: Ncrack: -iX, -iN input from Nmap ithilgore (Aug 26)
- Re: Ncrack: -iX, -iN input from Nmap Fyodor (Aug 27)
- Re: Ncrack: -iX, -iN input from Nmap Dirk Loss (Aug 27)
- Re: Ncrack: -iX, -iN input from Nmap Fyodor (Aug 28)
- Re: Ncrack: -iX, -iN input from Nmap Dirk Loss (Aug 28)
- Re: Ncrack: -iX, -iN input from Nmap ithilgore (Aug 26)
- Re: Ncrack: -iX, -iN input from Nmap David Fifield (Aug 26)