Nmap Development mailing list archives
Re: [NSE] Draft - targets-sniffer.nse
From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 23 Mar 2011 00:32:51 +0100
On 2011-03-22 11:56:19 -0700, David Fifield wrote:
On Tue, Mar 22, 2011 at 06:44:03PM +0000, Nick Nikolaou wrote:Hello everyone, Attached is a draft of a targets-sniffer script. The script sniffs for a configured amount of a time and adds addresses from packets it sees in newtargets. (https://secwiki.org/w/Nmap_Script_Ideas#targets-sniffer)
In your script I see that you have a check for duplicates new targets, you can drop it. Nmap internals already do this check, and if you want to see it just use -d3. You can do this: target.add(unpack(array_of_targets))
*Issues that need to be resolved:* 1) The sniffing interface is hard-coded at the moment. Is there a way to get the active interface in a prerule script? Alternatively I could change the rule to a hostrule. (and maybe a high enough runlevel to ensure the script runs first?)We don't have a way for scripts to get the list of interfaces, but Djalal has a patch to do it: http://seclists.org/nmap-dev/2011/q1/291. It hasn't been added yet because there isn't a script to use it, but you can make it a part of your patch if it helps.
Please use the second version of the patch [1] and let us know if there are any bugs, and with that patch you can choose the network interface to use: * For prerule scripts: Nmap -e or -S options. * For hostrule/portrule: just use the host table (host.interface). e.g: ./nmap -sL --script targets-sniffer.nse --script-args=newtargets -e eth0 You can also check the type of the interface to report errors ... etc David just a note: The get_interface_info() function of the network interfaces patch should replace the nmap.get_interface_link() function. [1] http://seclists.org/nmap-dev/2011/q1/734 -- tixxdz http://opendz.org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 22)
- Re: [NSE] Draft - targets-sniffer.nse Kris Katterjohn (Mar 22)
- Re: [NSE] Draft - targets-sniffer.nse David Fifield (Mar 22)
- Re: [NSE] Draft - targets-sniffer.nse Djalal Harouni (Mar 22)
- Re: [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 24)
- Re: [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 26)
- Re: [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 26)
- Re: [NSE] Draft - targets-sniffer.nse Henri Doreau (Mar 26)
- Re: [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 28)
- Re: [NSE] Draft - targets-sniffer.nse Henri Doreau (Mar 28)
- Re: [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 28)
- Re: [NSE] Draft - targets-sniffer.nse Djalal Harouni (Mar 29)
- Re: [NSE] Draft - targets-sniffer.nse Toni Ruottu (Mar 29)
- Re: [NSE] Draft - targets-sniffer.nse Abuse007 (Mar 30)
- Re: [NSE] Draft - targets-sniffer.nse Djalal Harouni (Mar 22)