Nmap Development mailing list archives
Re: Forcing scripts to run?
From: Dražen Popović <drazen.popovic () fer hr>
Date: Mon, 12 Jul 2010 20:46:29 +0200
On Mon, 2010-07-12 at 11:26 -0500, Ron wrote:
Hey all, I was helping somebody resolve an issue this morning, and realized there's a feature missing from NSE that maybe ought to be there: forcing a script to run against a host and/or port in spite of its hostrule/portrule. What happened was, he had a custom HTTP running on a non-standard port. Nmap -sV didn't recognize it as a HTTP server (and shouldn't -- it wasn't a standard configuration), so http-headers.nse wouldn't run against it. The only way to do it would be to change the service to run on a port that Nmap recognizes as HTTP or to hack the portrule to say "if port == 1234 then return true end". Neither of those are great solutions. Any ideas how it could work? I imagine this as similar to --version-all, except it would be running every script against every host/port.
Hi Ron, correct me if I'm wrong but I think that OpenVAS has this feature implemented using "Optimize tests". By disabling this "optimization" one actually makes sure that every script will be run, regardless of the previously (un)gathered results. For more details see http://www.openvas.org/compendium/nasl-plugin-description.html So that would be a cool feature to have and its motivation seems sound as its already present in other security tools like OpenVAS and Nessus. I don't see too many implementation issues considering that NSE engine should execute every selected scripts regardless of the port/host/net rule. Regards, Dražen. -- Laboratory for Systems and Signals Department of Electronic Systems and Information Processing Faculty of Electrical Engineering and Computing University of Zagreb _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Forcing scripts to run? Ron (Jul 12)
- Re: Forcing scripts to run? David Fifield (Jul 12)
- Re: Forcing scripts to run? Dražen Popović (Jul 12)
- Re: Forcing scripts to run? Fyodor (Jul 12)