Nmap Development mailing list archives
Re: port snipe functionality
From: David Fifield <david () bamsoftware com>
Date: Thu, 3 Feb 2011 23:42:37 -0800
On Sat, Jan 29, 2011 at 03:49:48PM +0200, Toni Ruottu wrote:
> hey, I am still trying to snipe ports outside the current target specification. This is particularly useful for scanning distributed systems that do not have a standard port, but rather provide a discovery service that returns (host, port) pairs for the involved nodes. In such cases it is natural to add discovery services as scan targets, and use port scripts to retrieve lists of (host, port) pairs from the service and store them into the registry. Problems arise when one goes on to write follow-up scripts that read the stored (host, port) pairs from the registry in order to scan them. Scanning the nodes would require an nmap.snipe(host, port) function that would allow scanning a port outside the original target specification. When combined with postrule scripts, sniping could be used to scan complex systems consisting of multiple nodes. As far as I've been able to find out, such a snipe function does not currently exist. Implementing one on the NSE side would require reimplementing big parts of the port scanning functionality on the NSE side. Also it seems to be currently impossible to report port state and version information outside the original target specification. My impression is. Thus implementing a snipe function on the NSE side does not seem feasible. How much effort would it take to implement this on the C side?
I think it wouldn't be hard to newly scan or re-scan certain selected ports. It's not that different from starting a scan over with newtargets. The big problems are those of policy and user interface. Will users be surprised if Nmap scans a port they didn't ask for? If there's a switch to turn on this feature, will anyone use it? What about, for example, XML output: do we add a new host element if a host is re-scanned, and will Nmap parsing libraries do the right thing with that?

If you want this functionality, a good step towards its implementation would be a proposal outlining the new NSE functions to be created and how they would work, including when requested ports would be later scanned and what to do with duplicate hosts and ports.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
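The registry hand-off Toni describes, and the existing newtargets mechanism David points to, as an added illustration that is not part of this thread or of Nmap itself. It is a hypothetical NSE script; the discovery protocol (a TCP service on port 7777 answering with "host:port" lines) and the registry key nmap.registry.snipe are constructed for the example.

```lua
-- Hypothetical NSE script (added example, not from the thread). The
-- "discovery service" protocol is constructed: it is assumed to answer a
-- TCP connection with one "host:port" pair per line.
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local target = require "target"

description = [[
Reads (host, port) pairs from a discovery service and records them in
nmap.registry. With --script-args newtargets, the hosts are queued for a
regular scan via target.add. The specific ports cannot be queued with
the current NSE API; that is the gap the thread discusses.
]]

categories = {"discovery", "safe"}

-- Constructed value: the discovery service is assumed to listen on 7777.
portrule = shortport.port_or_service(7777, "discovery")

action = function(host, port)
  local sock = nmap.new_socket()
  sock:set_timeout(5000)
  local ok, err = sock:connect(host, port)
  if not ok then
    return nil
  end
  local status, data = sock:receive_lines(1)
  sock:close()
  if not status then
    return nil
  end

  -- Hand-off point: later scripts (e.g. a postrule script) read this
  -- table instead of re-querying the service.
  nmap.registry.snipe = nmap.registry.snipe or {}
  local out = {}
  for h, p in data:gmatch("(%S+):(%d+)") do
    local pair = { host = h, port = tonumber(p) }
    table.insert(nmap.registry.snipe, pair)
    -- Only the host can be queued today; the port is remembered but
    -- the follow-up scan still uses the user's port specification.
    if target.ALLOW_NEW_TARGETS then
      target.add(h)
    end
    table.insert(out, h .. ":" .. p)
  end
  return stdnse.format_output(true, out)
end
```

Run with --script-args newtargets to let target.add queue the discovered hosts; without it the pairs are still stored in the registry but no new scanning happens.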