Nmap Development mailing list archives
Re: exploits with nmap
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Tue, 23 Feb 2016 23:12:33 +0530
Hi Tabish, Most scripts under the 'default' category are run automatically depending on the scan results. There are 4 rules 'post rule', 'pre rule', 'port rule' and 'host rule'. Post rule scripts are run after all the hosts are scanned, while pre rule scripts are run before even one host is scanned. Port rule scripts are run on ports or services determined as one of open, open|filtered, unfiltered by the port scan(after scanning a batch of hosts), which I guess is what you are trying to pitch. We also have hostrule scripts that take in a host table and run against matching hosts, after a batch of hosts is scanned. Hope I could help. For more see this link[1]. Cheers, Gyani [1]https://nmap.org/book/nse-script-format.html ᐧ On Tue, Feb 23, 2016 at 10:55 PM, tabish imran <tabish.imran96 () gmail com> wrote:
Thanks gyanendra , there's something that I'm planning to work on in my free time a nse script which suggests you scripts to run ( or runs them on your behalf if you chose to do so ) depending on the output of your scans .. For example, if it finds mysql running on a host , it could run related scripts like mysql-info or mysql-users. The user could pass script parameters like safe or intrusive and the script would handle the rest. Would love to hear your thoughts about this . Thanks.. On 22-Feb-2016 8:42 pm, "Gyanendra Mishra" <anomaly.the () gmail com> wrote:HI Tabish, We do have scripts that come under the "exploit" category and aim to actively exploit some vulnerability. Look at [1] for more. Cheers, Gyanendra [1]https://nmap.org/book/nse-usage.html ᐧ On Sun, Feb 21, 2016 at 9:46 PM, tabish imran <tabish.imran96 () gmail com> wrote:hi nmap devs , i was wondering what you guys think about adding exploit scripts in nmap , i realize there are scripts for detecting stuff like csrf etc , how about scripts which could exploit the vulnerabilities. ~newbie ~also a huge fan _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- exploits with nmap tabish imran (Feb 22)
- Re: exploits with nmap David Fifield (Feb 23)
- Message not available
- Message not available
- Re: exploits with nmap Gyanendra Mishra (Feb 23)
- Message not available