Nmap Development mailing list archives
Re: Feature request: scanning an AS
From: Ron <ron () skullsecurity net>
Date: Thu, 8 Apr 2010 07:37:09 -0500
On Thu, 8 Apr 2010 02:31:56 -0700 Fyodor <fyodor () insecure org> wrote:
> As Brandon notes, in many cases you may not want to scan every IP in an AS. But sometimes you do, and even when you don't it can be a good starting point. So it would be nice to have a script which could output the IP ranges for an AS, and then you could filter/review them before running Nmap again with -iL and your target list. I see this as similar to the way we have a script for doing zone transfers, which you may review/filter and then pass to a new Nmap -iL execution.
> [...]
> "I regret saying this before I say it, because I'm imagining implementation difficulties, we should think about having such auxiliary scripts be able to do things like host discovery, and then let the following phases work on the list it discovers."
It seems like it isn't just once-per-scan scripts that want to feed IP addresses back into the scan. What about doing a zone transfer then scanning the hosts returned? Or doing a DNS subdomain bruteforce and scanning the hosts returned? Etc? In every case, including AS, the user would probably want to edit the hosts before doing the actual scan (especially to verify that they actually have permission to scan them).

For that reason, rather than doing a feedback loop (that may result in issues like we saw with --interactive), why don't we have an option for scripts to create a "discovered hosts" table that's output in -iL friendly format? Then any script that discovers hosts (whether it's from DNS lookups, dumping the ARP table from SNMP, etc) can add to the pool of discovered hosts, perhaps with a comment on where it came from.

Exactly how it would look in the end, I'm not exactly sure. The user would likely have to run Nmap again with the list of hosts (maybe Zenmap could automate the process?), but it would be fairly simple compared to what it is currently.

--
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
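The review step described in the message above (pool the hosts several scripts discovered, note where each came from, and drop anything outside the permitted ranges before a second run with -iL) could look like the following. This is an added example, not code from the thread or from Nmap; the sample entries, the scope list and the function name `build_target_list` are constructed for illustration. It assumes entries are IP addresses or CIDR blocks and relies on current Nmap documentation allowing `#` comments in -iL input files.

```python
import ipaddress

# Constructed sample data: (target, source) pairs as host-discovering scripts
# might report them. Addresses come from the RFC 5737 documentation ranges.
DISCOVERED = [
    ("192.0.2.10", "dns zone transfer"),
    ("192.0.2.10", "snmp arp table"),
    ("198.51.100.7", "dns subdomain bruteforce"),
    ("203.0.113.0/30", "AS prefix lookup"),
    ("not-an-ip", "dns zone transfer"),
]
AUTHORIZED = ["192.0.2.0/24", "203.0.113.0/24"]  # constructed permitted scope


def build_target_list(discovered, authorized):
    """Return (lines, rejected): -iL lines for in-scope targets, plus the rest."""
    scope = [ipaddress.ip_network(n) for n in authorized]
    sources = {}   # network -> ordered list of sources that reported it
    rejected = []  # (target, source, reason) kept for manual review
    for host, source in discovered:
        try:
            net = ipaddress.ip_network(host, strict=False)
        except ValueError:
            # Hostnames and garbage cannot be checked against the scope here.
            rejected.append((host, source, "unparseable"))
            continue
        # Keep a target only if it lies entirely inside one permitted range.
        if not any(net.version == s.version and net.subnet_of(s) for s in scope):
            rejected.append((host, source, "out of scope"))
            continue
        seen = sources.setdefault(net, [])
        if source not in seen:
            seen.append(source)
    lines = []
    for net in sorted(sources, key=lambda n: (n.version, n)):
        target = str(net.network_address) if net.num_addresses == 1 else str(net)
        lines.append(f"{target}  # {', '.join(sources[net])}")
    return lines, rejected


if __name__ == "__main__":
    targets, dropped = build_target_list(DISCOVERED, AUTHORIZED)
    print("\n".join(targets))
    for host, source, reason in dropped:
        print(f"# dropped {host} ({source}): {reason}")
```

The rejected entries are returned rather than discarded so that hostnames and out-of-scope addresses can still be reviewed by hand.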
Current thread:
- Feature request: scanning an AS Ron (Apr 06)
- Re: Feature request: scanning an AS Brandon Enright (Apr 06)
- Re: Feature request: scanning an AS Ron (Apr 06)
- Re: Feature request: scanning an AS Michael Pattrick (Apr 06)
- Re: Feature request: scanning an AS Fyodor (Apr 08)
- Re: Feature request: scanning an AS Ron (Apr 08)
- Re: Feature request: scanning an AS Ron (Apr 06)
- Re: Feature request: scanning an AS Brandon Enright (Apr 06)
- <Possible follow-ups>
- Re: Feature request: scanning an AS Oliver Day (Apr 08)