Nmap Development mailing list archives
Call for testing: --lua-exec in Ncat feature (*nix only at the moment)
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Fri, 21 Jun 2013 18:20:54 +0200
Greetings, fellow hacker! I'd like to start off by thanking you for reading this e-mail. You being subscribed to Nmap's development mailing list means that you're interested in the path the project is going to take and have the power to change this path. It's a lot. It is a great occasion for you to use this power now. Today I finished implementing --lua-exec functionality for the Ncat tool (at least as far as Unix-compatible systems are concerned; Windows is not supported yet). --lua-exec allows the users to write Lua scripts that will automate the way Ncat communicates using sockets. This way you can easily write simple clients and servers that are made of portable code interpreted by a very lightweight tool. In addition to that, you can still switch TCP to UDP or STCP with a single command-line switch, enable SSL if you need it, use IPv6, secure your service with IP black/whitelists and many more... All the power of Ncat Swiss Army knife now automated! This feature is currently in beta stage, which means it should already be stable, but we need creative testers to have fun with the feature and make sure it can be relied upon. In order to do that, please download the code and build it, along with its dependencies, using a following chain of commands: svn co https://svn.nmap.org/nmap-exp/d33tah/ncat-lua && \ cd ncat-lua ./configure make The build process might take a few minutes. If the command's output didn't end with an error, it means you successfully built Ncat (along with the rest of Nmap project) and can now either issue “make install” as root to install it or run it from the current working directory by issuing “ncat/ncat” command. Now, let's try it out. We're first write a script that asks for your name and says hello to you. Write the following lines into a greet.lua file: io.stdout:write("Please enter your name: ") io.stdout:flush() --if we don't use print(), we need to flush name = io.stdin:read("*line") print(string.format("Hello, %s! And goodbye!", name)) (for the non-Lua programmers, the text after the double hyphen is just a comment). Once you you created that file, let's run a service powered by this script on a TCP port 31337 and connect to it: # ncat --lua-exec scripts/greeter.lua -l -p 31337 # ncat localhost 31337 Please enter your name: Now you can write your name (or anything else) and see it being repeated. After that, the script terminates and the server shuts down (you can change that using --keep-open, or -k command-line switch). --lua-exec works well over binary streams as well. In the “ncat/scripts” directory you can find some examples and I demonstrated this capability in 05-telnet.lua, where Ncat responds to telnet control commands as would Ncat's -t command-line switch do. Feel free to do some experimenting! Did you like it? Was it stable or did you stumble upon a bug? Is there something that should have been mentioned in the documentation, but it wasn't? Is there some feature in particular that could prove useful? Though we're mostly looking for bug reports now, every feedback, both positive and negative, can influence the final implementation. Remember, your voice matters! Thanks for helping Ncat become an even better tool! Have a nice day, Jacek “d33tah” Wielemborek _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Call for testing: --lua-exec in Ncat feature (*nix only at the moment) Jacek Wielemborek (Jun 21)