Nmap Development mailing list archives
Re: [NSE] New script reverse-index
From: David Fifield <david () bamsoftware com>
Date: Sun, 27 Nov 2011 14:40:05 -0800
On Wed, Nov 23, 2011 at 05:19:37PM +0100, Patrik Karlsson wrote:
On Wed, Nov 23, 2011 at 1:36 AM, David Fifield <david () bamsoftware com>wrote:On Tue, Nov 22, 2011 at 09:17:31PM +0100, Patrik Karlsson wrote:Hi, Here's an attempt on creating the reverse-index script which is in the high-priority list of the secwiki. The script runs both as a hostrule, collecting port information for each host and storing it in the registry, and as a portrule building theoutputbased on the collected port data.-- | tcp -- | 22: 192.168.0.60 -- | 23: 192.168.0.100 -- | udp -- |_ 5353: 192.168.0.102, 192.168.0.1, 192.168.0.60I would prefer output like this:-- | tcp/22: 192.168.0.60 -- | tcp/23: 192.168.0.100 -- | udp/5353: 192.168.0.102, 192.168.0.1, 192.168.0.60I wasn't sure how and if it's possible to create it as a postrule only script as the secwiki documentation suggests.No, I don't think so. You found a nice solution.Anyway, please let me know if it turned out as expected and whether it should go into any other categories than safe, so that it can becommitted. Looks good. Great job!While trying to address this I noticed something weird. If I do the following: repeat port = nmap.get_ports(host, port, "tcp", "closed") until(not(port)) I get ALL ports regardless of their protocol or state. Is this really intended behavior. According to my interpretation of the documentation I should only get closed tcp ports, right? Any ideas on what I need to do to fix this?
I can't reproduce this. I attached a script that has your example code. My output is: $ ./nmap --script=get-ports --top-ports 10 scanme.nmap.org -d PORT STATE SERVICE REASON 21/tcp closed ftp conn-refused 22/tcp open ssh syn-ack 23/tcp closed telnet conn-refused 25/tcp closed smtp conn-refused 80/tcp open http syn-ack 110/tcp closed pop3 conn-refused 139/tcp closed netbios-ssn conn-refused 443/tcp closed https conn-refused 445/tcp closed microsoft-ds conn-refused 3389/tcp closed ms-term-serv conn-refused Host script results: | get-ports: | open | 22 | 80 | closed | 21 | 23 | 25 | 110 | 139 | 443 | 445 |_ 3389 David Fifield
Attachment:
get-ports.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] New script reverse-index Patrik Karlsson (Nov 22)
- Re: [NSE] New script reverse-index Patrick Donnelly (Nov 22)
- Re: [NSE] New script reverse-index David Fifield (Nov 22)
- Re: [NSE] New script reverse-index Patrik Karlsson (Nov 23)
- Re: [NSE] New script reverse-index Patrik Karlsson (Nov 23)
- Re: [NSE] New script reverse-index Patrik Karlsson (Nov 23)
- Re: [NSE] New script reverse-index David Fifield (Nov 27)
- Re: [NSE] New script reverse-index Patrik Karlsson (Nov 28)
- Re: [NSE] New script reverse-index Patrik Karlsson (Nov 23)
- Re: [NSE] New script reverse-index David Fifield (Nov 27)
- Re: [NSE] New script reverse-index Patrik Karlsson (Nov 28)