Nmap Development mailing list archives

Re: general scanning engine - beta release


From: majek04 <nmap () forest one pl>
Date: Tue, 25 Jul 2006 10:35:18 +0200

Hi!


As you may have got used to, my beta releases are rather, hmm... unfinished.

The same is true this time, though I would like to hear your opinion
about it :) (And I think you could have fun playing with this patch.)

http://ai.pjwstk.edu.pl/~majek/private/nmap/nmap-4.20A4-gse-beta1.diff


Okay.


Available engines: HTTPCONNECT, HTTPGET, SOCKS4, FTPBOUNCE, IMAP


Command line "-x <type://[user:pass@]host:port ,...>"
Type must be one of: httpconnect, httpget, socks4, ftpbounce, imap
There are also some shortcuts like: hc, hg, s4, ftp

Oh. You must specify at least type, host and port.

Example:
#./nmap -P0 -x "httpconnect://localhost:8080 socks4://192.168.1.1:9050"
         --max-parallelism=5 --max-rtt-timeout=10s -p 1,80,443,113,22
          www.nasa.gov

I specified --max-rtt-timeout because 'tor' tries to make a new circuit
when it detects that the port is closed.


The IMAP engine is very interesting. As far as I know, the only server that allows this
is uw-imapd. Uw-imapd supports plain text authorization only on the encrypted port 993.
Unfortunately this nmap proxyscan doesn't support SSL yet.
You'll have to prepare an SSL tunnel by hand. I prefer stunnel4, with these added options:

accept = <myip>:144
connect = <targetsip>:993
client = yes



Have fun!

I'm waiting for your comments / bug reports.


Marek Majkowski

PS. You can do funny enumeration like:
#./nmap -P0 -x 'httpconnect://targetproxy:8080' 127.0.0.1



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
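As an added illustration, not part of Marek's patch or of nmap itself, here is a small Python parser for the `-x` specification format described in the mail: `type://[user:pass@]host:port`, with the listed shortcuts (hc, hg, s4, ftp) expanded and type, host and port enforced as mandatory. Accepting both spaces and commas as hop separators is an assumption, since the mail shows spaces in the example and `,...` in the usage line.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Engine names accepted by the -x option as listed in the mail, plus its shortcuts.
ENGINES = {"httpconnect", "httpget", "socks4", "ftpbounce", "imap"}
SHORTCUTS = {"hc": "httpconnect", "hg": "httpget", "s4": "socks4", "ftp": "ftpbounce"}

# type://[user:pass@]host:port -- user/pass are optional, host and port are required.
_HOP_RE = re.compile(
    r"^(?P<type>[A-Za-z0-9]+)://"
    r"(?:(?P<user>[^:@\s]+):(?P<pass>[^@\s]*)@)?"
    r"(?P<host>[^:@\s]+):(?P<port>\d{1,5})$"
)


@dataclass(frozen=True)
class ProxyHop:
    engine: str
    host: str
    port: int
    user: Optional[str] = None
    password: Optional[str] = None


def parse_hop(spec: str) -> ProxyHop:
    """Parse one hop; raise ValueError when type, host or port is missing or the engine is unknown."""
    m = _HOP_RE.match(spec.strip())
    if not m:
        raise ValueError(f"malformed hop, need type://[user:pass@]host:port: {spec!r}")
    engine = SHORTCUTS.get(m["type"].lower(), m["type"].lower())
    if engine not in ENGINES:
        raise ValueError(f"unknown engine {m['type']!r} in {spec!r}")
    port = int(m["port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in {spec!r}")
    return ProxyHop(engine, m["host"], port, m["user"], m["pass"])


def parse_chain(arg: str) -> List[ProxyHop]:
    """Parse the whole -x argument into an ordered list of hops.
    Both whitespace and commas are accepted as separators (assumption, see lead-in)."""
    hops = [parse_hop(s) for s in re.split(r"[\s,]+", arg.strip()) if s]
    if not hops:
        raise ValueError("empty proxy chain")
    return hops


def is_valid_hop(spec: str) -> bool:
    """Convenience predicate: True when parse_hop accepts the spec."""
    try:
        parse_hop(spec)
        return True
    except ValueError:
        return False
```

Anything placed in the `user:pass@` part is visible to other local users through the process list and shell history, which is worth keeping in mind before putting proxy credentials on the command line.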
