Nmap Development mailing list archives

Re: Nmap SoC Ideas?


From: Fyodor <fyodor () insecure org>
Date: Sun, 21 Mar 2010 14:53:04 -0700

On Sat, Mar 13, 2010 at 07:46:09PM -0600, Ron wrote:
> I've been keeping a wishlist lately, here's mine (let me know if you
> need clarification on anything):

Thanks for your suggestions, Ron!

> o 'auxiliary' scripts, in the same sense as auxiliary modules in
> Metasploit. Basically, scripts that run once, period. The biggest use
> of these is the ability to do broadcasted scripts, for NetBIOS, DHCP,
> etc

That is an interesting idea and I think it is worth considering.  I
added this to docs/TODO so we don't forget about it:

o [NSE] Maybe we should create a class of scripts which only run one
  time per scan, similar to auxiliary modules in Metasploit. We
  already have script classes which run once per port and once per
  host. For example, the once-per-scan class might be useful for
  broadcasted scripts such as NetBIOS, DHCP, etc.  We will of course
  need to have at least one such script to start out with. (suggested
  by Ron Bowes at http://seclists.org/nmap-dev/2010/q1/883).

> o Better script integration into Zenmap, such as parsing the @args
> fields for the scripts (and nselibs) to ask the user what they want to
> fill in (if anything).

Yeah, Zenmap script integration is a high priority.  I enhanced the
TODO entry a bit:

o Zenmap script selection interface for deciding which NSE scripts to
  run.  Ideally it would have a great, intuitive UI, the smarts to
  know the scripts/categories available, display NSEdoc info, and even
  know what arguments each can take.

> o A 'ranking' system for scripts, like Metasploit has for modules,
> and some intelligence in Zenmap that recommends scripts that might
> work against systems

Metasploit's ranking system
(http://www.metasploit.com/redmine/projects/framework/wiki/Exploit_Ranking)
seems to be similar in some ways to our categorization system.  Also,
our scripts generally are able to figure out on their own if they will
work against a system/port.  So it doesn't hurt much to specify a
script which doesn't end up being used.  But yeah, it might be
interesting to see what scripts would have run (per their host/port
rules) if they had been specified.

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
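The two existing script classes the message refers to (once per port and once per host) are what NSE exposes as a script's portrule and hostrule functions, and they are also the mechanism behind the remark that scripts "figure out on their own" whether they apply: a script whose rule returns false for a host or port simply never has its action run, so naming it on the command line costs nothing. The following is an added illustration written for this archive page, not code from the thread or from Nmap's own script collection; the script's description, category choice, the ports matched, and the use of host.targetname as the host-level condition are my own assumptions.

```lua
-- Added example (not from the thread): a minimal NSE script that carries both
-- a per-port rule and a per-host rule, so the same file is run in both classes.
local shortport = require "shortport"

description = [[
Illustrates NSE rule functions. The portrule fires once per matching open
port; the hostrule fires once per host, but only when the host was given by
name on the command line. Output is descriptive only; nothing is sent.
]]

author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Once-per-port class. NSE evaluates this for every (host, port) pair and
-- only calls action() when it returns true. shortport.port_or_service()
-- matches open ports 80/8080 or any open port version detection has
-- labelled "http"; the port list and service name are assumptions.
portrule = shortport.port_or_service({80, 8080}, "http")

-- Once-per-host class. Evaluated once per host regardless of its ports.
-- host.targetname is the name the user typed, if any; using it as the
-- condition is an arbitrary choice for the illustration.
hostrule = function(host)
  return host.targetname ~= nil
end

-- One action serves both classes: for a port-class run NSE passes the
-- matching port table; for a host-class run, port is nil.
action = function(host, port)
  if port then
    return ("port-level run on %s:%d (%s/%s)"):format(
      host.ip, port.number, port.protocol, port.state)
  end
  return ("host-level run on %s (target name %s)"):format(
    host.ip, host.targetname)
end
```

Saved as, for example, rule-demo.nse and run with `nmap -p 80,8080 --script ./rule-demo.nse <hostname>`, the script produces one line under each matching port and one line under the host block; against a target given only as an IP address, the hostrule returns false and only the port-level output appears. A once-per-scan class of the kind proposed in the thread would need a third rule function that NSE evaluates before any host is scanned, which the page only sketches as a TODO item.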