Nmap Development mailing list archives
Re: Nmap script ideas wiki
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Tue, 15 Mar 2011 20:14:29 +0200
I added most of the script ideas I posted earlier. I left some peer-to-peer ones out for now as they seem a bit complex. The problem present in many of them is that the protocol may be really open and powerful, so deciding how far to go in the scan is hard. The typical questions I run into are. Is the user interested in all the information? How many scripts should be created, and what roles should they take? Should we try not to affect the system, or try to affect it a lot? Also, do we want to crawl the network to find out information about the node we are scanning. For example should we ask all neighbors of one node to provide an IP address for the node we are scanning? Some neighbors might have different ideas of what the address for the node, and I would not be surprised if some peer-to-peer protocol would let us ask that question. We might also want to crawl the network to find new nodes to scan, but that is a different story. I also added a firesheep-discovery script to the list. Firesheep is a session high jacking tool that may be used to take over unprotected network sessions on wireless networks. The firesheep-discovery prerule script would list hosts that are running Firesheep on the current LAN. The script should support adding discovered hosts as scan targets. A tool called BlackSheep does this type of discovery. The discovery can be done by creating fake sessions, and capturing messages that Firesheep sends to gather details for available sessions. On Sat, Mar 12, 2011 at 8:37 PM, Fyodor <fyodor () insecure org> wrote:
On Fri, Mar 11, 2011 at 07:13:14PM +0200, Toni Ruottu wrote:What kind of suggestions are welcome? I wrote a few, but I am not sure if I should spam the wiki with all the scripts I've been thinking about.These are great suggestions! Please add them to the page. https://secwiki.org/w/Nmap_Script_Ideas Cheers, Fyodor
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Nmap script ideas wiki Fyodor (Mar 11)
- Re: Nmap script ideas wiki Toni Ruottu (Mar 11)
- Re: Nmap script ideas wiki David Fifield (Mar 11)
- Re: Nmap script ideas wiki Nick Nikolaou (Mar 11)
- Re: Nmap script ideas wiki David Fifield (Mar 11)
- Re: Nmap script ideas wiki David Fifield (Mar 11)
- Re: Nmap script ideas wiki Fyodor (Mar 12)
- Re: Nmap script ideas wiki Toni Ruottu (Mar 15)
- Re: Nmap script ideas wiki Ron (Mar 16)
- Re: Nmap script ideas wiki Toni Ruottu (Mar 11)
- Re: Nmap script ideas wiki Fyodor (Mar 14)