Nmap Development mailing list archives
Re: named probes
From: Martin Holst Swende <martin () swende se>
Date: Tue, 22 Feb 2011 19:50:03 +0100
On 02/22/2011 02:47 PM, Patrik Karlsson wrote:
Hi all,

I recently mentioned an idea, in one of many mssql mails, about implementing named probes. I'm starting a new thread regarding this idea in case someone missed it in between all the mssql stuff.

What I would like to achieve is to address the problem that the "force patch" attempts to solve, but in a slightly different way. By adding support for running one or more probes by name, one could target a number of ports and only run the probes specified on the command line in order to do a very quick fingerprint. Instead of forcing scripts to run against each open port, the scripts would only run if the services were properly detected as the targeted ones.

The following example attempts to detect ms-sql or oracle servers running in the following port spans 1433-1500 and 1521-1600. Once detected the correct brute script will be launched against the service.

    nmap -sV -p 1433-1500,1521-1600 1.2.3.4 --probes ms-sql-s,oracle-tns --script oracle-brute,ms-sql-brute

The following example attempts to fingerprint any http-servers running on the ports 80,443 or 8080, 8443. For each detected http-server the http-title script is executed

    nmap -sV -p 80,443,8080,8433 --probes GetRequest --script http-title
That's a great idea, I'm all for it!

/Martin
//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- named probes Patrik Karlsson (Feb 22)
- Re: named probes Martin Holst Swende (Feb 22)
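
The selection and gating logic proposed in this thread, sketched as an added example that is not part of the original posts and is not Nmap's code. It assumes the named probes live in a file using nmap-service-probes `Probe`/`match` syntax; the excerpt, its payloads and patterns, and the script-to-service mapping are constructed for illustration.

```python
import re

# Constructed, simplified excerpt in nmap-service-probes syntax. Payloads and
# patterns are placeholders, not Nmap's real ones; version fields are omitted.
SAMPLE_PROBES = r"""
Probe TCP GetRequest q|GET / HTTP/1.0\r\n\r\n|
match http m|^HTTP/1\.[01] \d\d\d|
Probe TCP ms-sql-s q|MSSQL-PLACEHOLDER|
match ms-sql-s m|^MSSQL-REPLY|
Probe TCP oracle-tns q|TNS-PLACEHOLDER|
match oracle-tns m|^tns-reply|i
"""

# Assumed script-to-service mapping (hypothetical; real NSE scripts use portrules).
SCRIPT_SERVICES = {"http-title": "http", "ms-sql-brute": "ms-sql-s",
                   "oracle-brute": "oracle-tns"}

def parse_probes(text):
    """Return {probe_name: [(service, compiled_pattern), ...]}."""
    probes, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Probe (?:TCP|UDP) (\S+) q\|.*\|$", line):
            current = probes.setdefault(m[1], [])
        elif m := re.match(r"match (\S+) m\|(.*)\|([is]*)$", line):
            if current is None:
                raise ValueError("match line before any Probe line")
            flags = (re.I if "i" in m[3] else 0) | (re.S if "s" in m[3] else 0)
            current.append((m[1], re.compile(m[2], flags)))
    return probes

def select_probes(probes, names):
    """Keep only the named probes; reject unknown names instead of skipping them."""
    unknown = [n for n in names if n not in probes]
    if unknown:
        raise ValueError("unknown probe name(s): " + ", ".join(unknown))
    return {n: probes[n] for n in names}

def identify(selected, response):
    """Match a response against the selected probes' signatures only."""
    for signatures in selected.values():
        for service, pattern in signatures:
            if pattern.search(response):
                return service
    return None

def scripts_for(service, requested):
    """A requested script runs only when its service was actually detected."""
    return [s for s in requested if service and SCRIPT_SERVICES.get(s) == service]
```

Rejecting an unknown probe name matters here: a mistyped name that was silently dropped would leave every port undetected and every script skipped, which looks the same as a clean result.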