Re: Re[2]: nmap+V

["Max" <nmap () webwizarddesign com>]

Hi,

    My two cents :P opinion and a question all in one.  Where should the
    line be drawn between what nmap should do / does and what tools that
    use nmap should do?  This is something easily done/implemented in
    a higher level language .. I have a base banner grabber class 
    implemented in my Nmap::Scanner package.  Maintenance-wise,
    providing this functionality through a scripting language means
    easier updates/enhancements.

    It is pretty trivial to do this kind of thing using a parsing
    module like mine or another XML nmap backend that has recently
    been released to CPAN .. which was inspired by my module (according
    to him) but takes a different, more lightweight, approach to the whole 
    parsing process and is definitely worthwhile to check out for those of 
    you interested in nmap output processors.

    Parse::Nmap::XML (Anthony Persaud)

    The point of all this, again, is:
    *  Where is the line between core functionality and add-on functionality?
    *  Is it better to add this kind of thing to the core of nmap or should
       it be left for more RAD types of languages and output processors and
       be kept out of the core?

    I have been able to write Nmap diff scripts, nmap -> db persistence 
    scripts, nmap scan graphers, and nmap banner grabbers in 20-30 lines of 
    perl code (for each) using my own module and other CPAN modules 
    (Text::Diff, DBI, DBD, etc).  The example scripts in my Nmap::Scanner 
    distro show some of this functionality.

    Yes, an output processor will not match the performance of having nmap
    do it all, but that is the trade off .. easier maintenance, greater
    coder base, smaller core code base, with some speed losses and some
    workarounds that need to be done in the output processors because they
    are outside of the core.

    I am not saying I have an answer to this question .. personally I would 
    prefer to do such kinds of higher-level functions in a higher level 
    language, but that is just me :).

Regards,
Max

On Tue, 02 Sep 2003 18:34:07 EDT, Bo Cato wrote:
> I personally would like to see a banner grab added to the list
> of nmap options. Actually I'd like it as a default for -sT scans
> privileged or unprivileged users.
>
> Coupling it with syn or other scans seems pointless. Obviously you're
> not going to get a banner with anything short of a full connect.
>
>
> Tuesday, September 02, 2003, 11:44:34 AM, you wrote:
>
> J> -----BEGIN PGP SIGNED MESSAGE-----
> J> Hash: SHA1
>
> J> On Tuesday 02 September 2003 10:54, Paul Johnston wrote:
> > > Hi,
> > >
> > > > Ah cool. Feature request - be able to do banner grab without doing syn
> > > > scan
> > > > first to see if open since if you're going to send a syn and then
> > > > banner grab
> > > > you might as well banner grab in the first place - from memory think
> > > > this is
> > > > a problem with nmap+V.
> > >
> > > The syn scan avoids the kernel's tcp implementation and does raw IP
> > > itself. After this, it's not generally possible to go back to using the
> > > kernel's tcp sockets, without starting the connection from scratch. So
> > > to support this nmap would need to contain either a full tcp
> > > implementation, or some highly platform specific hack.
>
> J> I think you missed my point. You can simply do a connect(2) to the port in
>  
> J> question and grab the banner rather than doing a SYN scan first and then a
>  
> J> banner grab.
>
> J> - -jamie.
>
> J> -----BEGIN PGP SIGNATURE-----
> J> Version: GnuPG v1.0.7 (GNU/Linux)
>
> J> iD8DBQE/VLrm0oWsN6bx+R0RAuYlAJwKKAIQrEFUIYPRkx6RbDc1QWF1SACfSbEE
> J> 0w3bDaB2i454VeG8lX+a8H4=
> J> =Jqep
> J> -----END PGP SIGNATURE-----
>
>
> J> ---------------------------------------------------------------------
> J> For help using this (nmap-dev) mailing list, send a blank email to
> J> nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
>
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to 
> nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).