Re: [NSE] New script reverse-index

[Patrik Karlsson <patrik () cqure net>]

On Mon, Nov 28, 2011 at 12:13 AM, David Fifield <david () bamsoftware com>wrote:

> On Thu, Nov 24, 2011 at 12:46:48AM +0100, Patrik Karlsson wrote:
> > On Wed, Nov 23, 2011 at 11:35 PM, Patrik Karlsson <patrik () cqure net>
> wrote:
> > > On Wed, Nov 23, 2011 at 5:19 PM, Patrik Karlsson <patrik () cqure net>
> wrote:
> > > > On Wed, Nov 23, 2011 at 1:36 AM, David Fifield <david () bamsoftware com
> > wrote:
> > > > > On Tue, Nov 22, 2011 at 09:17:31PM +0100, Patrik Karlsson wrote:
> > > > > > Hi,
> > > > > >
> > > > > > Here's an attempt on creating the reverse-index script which is in
> the
> > > > > > high-priority list of the secwiki.
> > > > > > The script runs both as a hostrule, collecting port information for
> > > > > each
> > > > > > host and storing it in the registry, and as a portrule building the
> > > > > output
> > > > > > based on the collected port data.
> > > > >
> > > > > > -- |   tcp
> > > > > > -- |     22: 192.168.0.60
> > > > > > -- |     23: 192.168.0.100
> > > > > > -- |   udp
> > > > > > -- |_    5353: 192.168.0.102, 192.168.0.1, 192.168.0.60
> > > > >
> > > > > I would prefer output like this:
> > > > >
> > > > > > -- |   tcp/22: 192.168.0.60
> > > > > > -- |   tcp/23: 192.168.0.100
> > > > > > -- |   udp/5353: 192.168.0.102, 192.168.0.1, 192.168.0.60
> > > > >
> > > > > > I wasn't sure how and if it's possible to create it as a postrule
> only
> > > > > > script as the secwiki documentation suggests.
> > > > >
> > > > > No, I don't think so. You found a nice solution.
> > > > >
> > > > > > Anyway, please let me know if it turned out as expected and
> whether it
> > > > > > should go into any other categories than safe, so that it can be
> > > > > committed.
> > > > >
> > > > > Looks good. Great job!
> > > > >
> > > > > David Fifield
> > > >
> > > > While trying to address this I noticed something weird.
> > > > If I do the following:
> > > >
> > > > repeat
> > > >   port = nmap.get_ports(host, port, "tcp", "closed")
> > > > until(not(port))
> > > >
> > > > I get ALL ports regardless of their protocol or state. Is this really
> > > > intended behavior.
> > > > According to my interpretation of the documentation I should only get
> > > > closed tcp ports, right?
> > > > Any ideas on what I need to do to fix this?
> > > I'm hoping this patch solves the problem and returns the correct ports
> > > matching both protocol and state.
> > > Could someone take a look at it and see if it looks correct before I
> > > commit it?
> > Here's a revised version of the script with the changes to formatting.
> > It needs the previous patch to nse_nmaplib.cc to return the proper
> results.
>
> I got the output backwards--it should be 22/tcp not tcp/22. Other than
> that you're good to go.
>
> David Fifield

I just committed the reverse-index script as r27261 with the above changes.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/