Nmap Announce mailing list archives
nmap front end feedback
From: Alvin Oga <alvin.sec () Mail Linux-Consulting com>
Date: Sun, 24 Jun 2001 14:41:54 -0700 (PDT)
hi nmap-experts thank you for the 1000's of feedback scans that you all did.... ( geez what a response )... - added some additional "throw away characters" in the "hostname" ( % and - ) - my motivation for the frontend... - i got tired of looking at the nmap man pages each time i wanted to scan one of my new hosts/clients etc.. it also helps some ( me included ) to tighten up their boxes and turn things off that was supposed to have been off ... - and needed to give them managers a nice look-n-feel ( nice is all relative of course.. anyway, yes, i concur that allowing people sorta anonymous nmap scans of other hosts is bad ... - i equally hate "login required" before scanning ( maybe add the ip# field for those that do login ?? ( but does NOT solve the problem of scanning ( [cr/h]ackers can login too - its trivial to disallow entering the ip# ( problem was the static webpage nmap.test.html to initialize ( the nmap scan vs running the script to begin with ( ( http://.../cgi-bin/nmap_check.pl?IP=1.2.3.4 was/is missing ( the first time thru .. thats why i picked "localhost" to start - its trivial to also disallow too many scans from a person - we can also disallow the hackers/crackers ip in the httpd.conf files ?? - if it gets to be too much of an admin issue... ( the input field will disappear ... - the script can also be run manually from the command line... though i haven't check it lately - if the hacker/abuser wants to scan their potential target host they can already run nmap anyway ?? and probably have many staging machines ??? - if the legit user does not have lynx or netscape on the target host ... it makes it harder to scan and check that host ... so i liked the idea of entering an ip# ... - as for duplicating the script etc for your own network ... you'd need the following... - perl and nmap - sudo ( took me a while to figure it out - the fun part ) - php or equivalent... ( since i dont know php... i use my own whacky dynamic webpage generator ( gwif ) - i can tar up the files for you to download and install etc but there is NO support for "howto" change the gwif files - if you see a *.gwif.html file on this site ... the "real webpage" is the *.gwif .... the html version is generated by the gwif binary ... ( gopher-web-intermediate-file ..... gopher was 100x bigger in those days thanx again for your feedbacks ... hope it helped some of you alvin http://www.Linux-Sec.net/Audit/nmap.test.html -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- nmap front end feedback Alvin Oga (Jun 24)