Re: named probes

[Martin Holst Swende <martin () swende se>]

On 02/22/2011 02:47 PM, Patrik Karlsson wrote:
> Hi all,
>
> I recently mentioned an idea, in one of many mssql mails, about implementing named probes.
> I'm starting a new thread regarding this idea incase someone missed it in between all the mssql stuff.
>
> What I would like to achieve is to address the problem that the "force patch" attempts to solve, but in a slightly 
> different way.
> By adding support for running one or more probes by name, one could target a number of ports and only run the probes 
> specified on the command line in order to do a very quick fingerprint.
> Instead of forcing scripts to run against each open port, the scripts would only run if the services were properly 
> detected as the targeted ones.
>
> The following example attempts to detect ms-sql or oracle servers running in the following port spans 1433-1500 and 
> 1521-1600.
> Once detected the correct brute script will be launched against the service.
> nmap -sV -p 1433-1500,1521-1600 1.2.3.4 --probes ms-sql-s,oracle-tns --script oracle-brute,ms-sql-brute
>
> The following example attempts to fingerprint any http-servers running on the ports 80,443 or 8080, 8443.
> For each detected http-server the http-title script is executed
> nmap -sV -p 80,443,8080,8433 --probes GetRequest --script http-title
That's a great idea, I'm all for it!
/Martin


> //Patrik
> --
> Patrik Karlsson
> http://www.cqure.net
> http://www.twitter.com/nevdull77
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/