Nmap Development mailing list archives

Re: [NSE] hostmap.nse, hostnames discovery


From: Gutek <ange.gutek () gmail com>
Date: Sun, 03 Oct 2010 17:05:51 +0200



On 15/09/2010 22:54, Gutek wrote:
> Further development:
> o Besides hostmap.nse creating a target-list file if such an argument is
> provided, I'm very interested in the new "target-add" feature. I think
> it will also be invoked via an arg. I will keep the file creation
> because its first goal is to be usable with other security tools like,
> say, a web vulnerability scanner.

Hi list,
This update adds the target-add feature. Every target found is added to
the scan queue, which is very interesting if the script is called along
with other web-oriented scripts. For example the primary target may look
safe, but another co-hosted vhost could show a flaw which could lead to
the compromise of the whole server.

This script is also now a prerule script.
This gives the ability to gather information passively without having
to actually scan the target (the user just has to omit the newtargets
argument).

Here is an example output:

linux-pb94:/home/Gutek # nmap -p80 -PN -n --script=hostmap.nse,html-title.nse --script-args newtargets,hostmap.host="nmap.org",hostmap.file="a_famous_scanner_hostmap.nmap"

Starting Nmap 5.35DC18 ( http://nmap.org ) at 2010-10-03 16:35 CEST
Pre-scan script results:
| hostmap: (results from bfk.de database)
| insecure.org
| download.insecure.org
| images.insecure.org
| www.insecure.org
| nmap.org
| www.nmap.org
| sectools.org
| mirror.sectools.org
| www.sectools.org
| seclists.org
|_(file created: a_famous_scanner_hostmap.nmap)
Nmap scan report for insecure.org (74.207.254.18)
Host is up (0.19s latency).
PORT   STATE SERVICE
80/tcp open  http
|_html-title: Insecure.Org - Nmap Free Security Scanner, Tools & Hacking res...

(...)

Nmap scan report for sectools.org (74.207.254.18)
Host is up (0.19s latency).
PORT   STATE SERVICE
80/tcp open  http
|_html-title: Top 100 Network Security Tools

Nmap scan report for seclists.org (74.207.254.18)
Host is up (0.19s latency).
PORT   STATE SERVICE
80/tcp open  http
|_html-title: SecLists.Org Security Mailing List Archive

Thanks for those new prerule and target add features :)

A.G.

Attachment: hostmap.nse
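
Added example, not part of the original post or of hostmap.nse: a Python parser for Nmap normal output in the format shown above, which groups scanned vhosts by IP and lists hostnames that hostmap reported but that have no scan report (as happens when newtargets is omitted). The sample text is constructed from the output above, and the names parse and unscanned are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample, trimmed from the output format shown in the post.
SAMPLE = """\
Pre-scan script results:
| hostmap: (results from bfk.de database)
| insecure.org
| nmap.org
| sectools.org
| seclists.org
|_(file created: a_famous_scanner_hostmap.nmap)
Nmap scan report for insecure.org (74.207.254.18)
PORT   STATE SERVICE
80/tcp open  http
|_html-title: Insecure.Org - Nmap Free Security Scanner

Nmap scan report for sectools.org (74.207.254.18)
PORT   STATE SERVICE
80/tcp open  http
|_html-title: Top 100 Network Security Tools
"""

REPORT = re.compile(r"^Nmap scan report for (\S+) \(([\d.]+)\)")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")
HOSTLINE = re.compile(r"^\|_?\s*([A-Za-z0-9.-]+\.[A-Za-z]{2,})\s*$")

def parse(text):
    """Return (hostmap hostnames, {ip: {scanned hostname: [open ports]}})."""
    discovered, by_ip = [], defaultdict(dict)
    in_hostmap, current = False, None
    for line in text.splitlines():
        line = line.rstrip()  # list archives often pad lines with spaces
        m = REPORT.match(line)
        if m:
            in_hostmap = False
            current = by_ip[m.group(2)].setdefault(m.group(1), [])
        elif line.startswith("| hostmap:"):
            in_hostmap = True
        elif in_hostmap:
            if (h := HOSTLINE.match(line)):
                discovered.append(h.group(1).lower())
            in_hostmap = line.startswith("| ")  # "|_" closes the script block
        elif current is not None and (p := PORT.match(line)):
            current.append(f"{p.group(1)}/{p.group(2)}")
    return discovered, dict(by_ip)

def unscanned(text):
    """Hostnames hostmap found that have no scan report in the same output."""
    discovered, by_ip = parse(text)
    scanned = {h.lower() for hosts in by_ip.values() for h in hosts}
    return [h for h in discovered if h not in scanned]
```

Several hostnames under a single key of the second return value are co-hosted vhosts on one IP; anything returned by unscanned still needs its own review.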
