Nmap Development mailing list archives
Concerning Auxiliary Scripts
From: Patrick Donnelly <batrick () batbytes com>
Date: Tue, 27 Apr 2010 08:29:01 -0400
From docs/TODO:
o [NSE] Maybe we should create a class of scripts which only run one time per scan, similar to auxiliary modules in Metasploit. We already have script classes which run once per port and once per host. For example, the once-per-scan ("network script"?) class might be useful for broadcast LAN scripts (Ron Bowes, who suggested this (http://seclists.org/nmap-dev/2010/q1/883) offered to write a NetBIOS and DHCP broadcast script). Another idea would be an AS to IP ranges script, as discussed in this thread http://seclists.org/nmap-dev/2010/q2/101 [Could be a good SoC infrastructure project] o David notes: "I regret saying this before I say it, because I'm imagining implementation difficulties, we should think about having such auxiliary scripts be able to do things like host discovery, and then let the following phases work on the list it discovers." I'm thinking this should be a new scan type. Unless I'm mistaken, Nmap has never added hosts to the scan that weren't explicitly enumerated in some way on the command line. It would be appropriate for the user to give Nmap "permission" to find hosts and then do further scanning as if those hosts were given on the command line. Thoughts? As far as NSE is concerned, just like Version Detection runs the script engine with a "special" category ("version"), our new scan type would also run NSE. We can assign some arbitrary category to these "auxiliary" scripts. When NSE is in this host exploration/discovery mode, it doesn't bother with running hostrule/portrules and only runs scripts in that "auxiliary" category. Or for generality's sake, we can just have a single "fabricated" host for this scan type and all auxiliary scripts have a hostrule that always* returns true. * Unless it has a reason not to (--script-args?). My 2c, -- - Patrick Donnelly _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Concerning Auxiliary Scripts Patrick Donnelly (Apr 27)
- Re: Concerning Auxiliary Scripts David Fifield (Apr 27)