Nmap Development mailing list archives
Re: Script suggestions
From: Martin Holst Swende <martin () swende se>
Date: Fri, 02 Dec 2011 08:35:52 +0100
On 11/28/2011 01:52 AM, David Fifield wrote:
> On Sun, Nov 27, 2011 at 10:34:44PM +0000, Duarte Silva wrote:
>> The script option may be specified without arguments. So if you could take it as an example I guess it would make your life easier ;)
>
> --script requires an argument. You may be thinking of -sC (which is really the short option -s taking the argument "C" in disguise). It's possible to have options that take optional arguments, but I don't think we should because it works in a surprising way. It requires you to use '=' instead of a space after the option.
>
> David Fifield
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

I now have it almost ready. This is the second attempt to send this, the first mail was rejected (it was a bit too large). Below is some sample output.

I have some problems getting the script engine to run if I don't simultaneously use a real script. The nse_main loads just fine, but the correct entry-point does not seem to load (either that, or there is no thread created for it). Will look into it more, but if anyone has any pointers that'd be great.

Attached are the modified files, so you can test it yourselves. I added some stuff to nse_utility which I'm sure could use an extra pair of eyes. Other than that, the largest modifications are in nse_main, but most of it comes from me having to break up a function in order to reuse it for both script- and script-suggest rules. Oh, and the old force-stuff is in there as well, though I haven't done anything more on that.

I can provide separate patches later, but as I said, this is mostly for testing and not commit-ready anyway. It should work fine with at least r27295.

nmap scanme.nmap.org -p22,80,21,554,9929 --script http-title -sCS -d -v -n

PORT     STATE  SERVICE    REASON
21/tcp   closed ftp        conn-refused
22/tcp   open   ssh        syn-ack
| script-suggest:
|   banner {discovery,safe}
|   ssh-hostkey {safe,default,discovery}
|   ssh2-enum-algos {safe,discovery}
|   sshv1 {default,safe}
|_  unusual-port {safe}
80/tcp   open   http       syn-ack
|_http-title: Go ahead and ScanMe!
| script-suggest:
|   banner {discovery,safe}
|   citrix-brute-xml {intrusive,auth}
|   citrix-enum-apps-xml {discovery,safe}
|   citrix-enum-servers-xml {discovery,safe}
|   http-affiliate-id {safe,discovery}
|   http-auth {default,auth,safe}
|   http-awstatstotals-exec {vuln,intrusive,exploit}
|   http-axis2-dir-traversal {vuln,intrusive,exploit}
|   http-brute {intrusive,brute}
|   http-cakephp-version {discovery,safe}
|   http-cors {default,discovery,safe}
|   http-date {discovery,safe}
|   http-default-accounts {discovery,auth,safe}
|   http-enum {discovery,intrusive,vuln}
|   http-favicon {default,discovery,safe}
|   http-form-brute {intrusive,brute}
|   http-google-malware {malware,discovery,safe,external}
|   http-headers {discovery,safe}
|   http-iis-webdav-vuln {vuln,intrusive}
|   http-joomla-brute {intrusive,brute}
|   http-litespeed-sourcecode-download {vuln,intrusive,exploit}
|   http-majordomo2-dir-traversal {intrusive,vuln,exploit}
|   http-malware-host {malware,safe}
|   http-method-tamper {safe,auth}
|   http-methods {default,safe}
|   http-passwd {intrusive,vuln}
|   http-php-version {discovery,safe}
|   http-put {discovery,intrusive}
|   http-robots.txt {default,discovery,safe}
|   http-trace {vuln,discovery,safe}
|   http-userdir-enum {auth,intrusive}
|   http-vhosts {discovery,intrusive}
|   http-vmware-path-vuln {vuln,safe}
|   http-vuln-cve2011-3192 {vuln,safe}
|   http-vuln-cve2011-3368 {intrusive,vuln}
|   http-waf-detect {discovery,intrusive}
|   http-wordpress-brute {intrusive,brute}
|   http-wordpress-enum {auth,intrusive,vuln}
|   http-wordpress-plugins {discovery,intrusive}
|   sql-injection {intrusive,vuln}
|_  unusual-port {safe}
554/tcp  closed rtsp       conn-refused
9929/tcp open   nping-echo syn-ack
| script-suggest:
|   banner {discovery,safe}
|   nping-brute {brute,intrusive}
|_  unusual-port {safe}

command.go.*.lua=/home/martin/tools/nmap2/nmap scanme.nmap.org -p22,80,21,554,9929 --script http-title --script-suggest "intrusive or vuln"-d -v -n

PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   open   ssh
80/tcp   open   http
|_http-title: Go ahead and ScanMe!
| script-suggest:
|   citrix-brute-xml {intrusive,auth}
|   http-awstatstotals-exec {vuln,intrusive,exploit}
|   http-axis2-dir-traversal {vuln,intrusive,exploit}
|   http-brute {intrusive,brute}
|   http-enum {discovery,intrusive,vuln}
|   http-form-brute {intrusive,brute}
|   http-iis-webdav-vuln {vuln,intrusive}
|   http-joomla-brute {intrusive,brute}
|   http-litespeed-sourcecode-download {vuln,intrusive,exploit}
|   http-majordomo2-dir-traversal {intrusive,vuln,exploit}
|   http-passwd {intrusive,vuln}
|   http-put {discovery,intrusive}
|   http-userdir-enum {auth,intrusive}
|   http-vhosts {discovery,intrusive}
|   http-vuln-cve2011-3368 {intrusive,vuln}
|   http-waf-detect {discovery,intrusive}
|   http-wordpress-brute {intrusive,brute}
|   http-wordpress-enum {auth,intrusive,vuln}
|   http-wordpress-plugins {discovery,intrusive}
|_  sql-injection {intrusive,vuln}
554/tcp  closed rtsp
9929/tcp open   nping-echo
| script-suggest:
|_  nping-brute {brute,intrusive}

Attachment: suggest.zip
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
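
The '=' requirement for optional option arguments mentioned in the quoted reply, as an added example (not part of the original message or the attached files): a C program using getopt_long. It assumes a hypothetical declaration of --script-suggest as optional_argument; parse_cmdline, struct parsed and the option character 'S' are illustrative names.

```c
#include <getopt.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result record for one parsed command line. */
struct parsed {
    int seen;               /* 1 if --script-suggest was present */
    const char *arg;        /* argument getopt attached to it, or NULL */
    const char *first_rest; /* first leftover non-option word, or NULL */
};

/* Assumption: --script-suggest is declared as optional_argument. */
static struct parsed parse_cmdline(int argc, char **argv)
{
    static const struct option longopts[] = {
        {"script-suggest", optional_argument, NULL, 'S'},
        {NULL, 0, NULL, 0}
    };
    struct parsed p = {0, NULL, NULL};
    int c;

    optind = 0; /* glibc/musl: force a full rescan on every call */
    opterr = 0;
    while ((c = getopt_long(argc, argv, "", longopts, NULL)) != -1)
        if (c == 'S') {
            p.seen = 1;
            p.arg = optarg;
        }
    if (optind < argc)
        p.first_rest = argv[optind];
    return p;
}

int main(void)
{
    /* Constructed command lines; the target name is the one used on the page. */
    char *spaced[] = {"nmap", "--script-suggest", "intrusive", "scanme.nmap.org", NULL};
    char *joined[] = {"nmap", "--script-suggest=intrusive", "scanme.nmap.org", NULL};
    struct parsed a = parse_cmdline(4, spaced);
    struct parsed b = parse_cmdline(3, joined);

    /* Space form: nothing is attached; "intrusive" is left over like a target. */
    printf("spaced: arg=%s rest=%s\n", a.arg ? a.arg : "(none)", a.first_rest);
    /* '=' form: the word is bound to the option. */
    printf("joined: arg=%s rest=%s\n", b.arg ? b.arg : "(none)", b.first_rest);
    return 0;
}
```

With the space form the category word is indistinguishable from a scan target, which is the surprising behaviour the reply refers to.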