Re: Override port rule for a script from the command line?

[Marcus Haebler <haebler () gmail com>]

Dan,

thanks for the quick answer. This worked except for --version-light.
Turns out --version-light is an alias for "--version-intensity 2", SSL
handshake attempts start at "--version-intensity 3".

Using this command line I was able to see the supported ciphers:

nmap -sV --version-intensity 3 --script ssl-enum-ciphers -p 80 <target>

Thanks,

Marcus


On Mon, Jun 13, 2011 at 4:47 PM, Daniel Miller <bonsaiviking () gmail com> wrote:
> You can use version detection (-sV) to detect the SSL, which will satisfy
> shortport.ssl. Use --version-light to avoid sending too many probes: it
> should be detected just fine with that.
>
> Dan
>
> On Mon, Jun 13, 2011 at 3:04 PM, Marcus Haebler <haebler () gmail com> wrote:
> > -All,
> >
> > is there a general way to override the portrule setting in a script
> > from the nmap command line? I was trying to run ssl-enum-ciphers
> >
> > http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
> >
> > on TCP port 80 because someone put an HTTPS server there.
> > Unfortunately, the script has a port rule of:
> >
> > portrule = shortport.ssl
> >
> > That seems to make it impossible to get the ciphers enumerated with
> > Nmap unless I either change the script - make portrule more general
> > like all TCP or add a script specific parameter - or have a general
> > way to override the portrule line.
> >
> > The latter does not seem to exist or I did not see the forest for the
> > trees.
> >
> > Thoughts?
> >
> > Thanks,
> >
> > Marcus
> > _______________________________________________
> > Sent through the nmap-dev mailing list
> > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/