Nmap Development mailing list archives

Re: general scanning engine - request for comments :)


From: majek04 <nmap () forest one pl>
Date: Mon, 17 Jul 2006 05:03:26 +0200

Hi.

I have some part of a 'general scanning engine',
or maybe we should call this code: my proposition
of an implementation of GSE.


The code is here:
http://ai.pjwstk.edu.pl/~majek/private/nmap/nmap-4.20ALPHA4-gse-01.diff

** it should be treated as proof-of-concept **



Quick installation:
# wget http://www.insecure.org/nmap/dist/nmap-4.20ALPHA4.tar.bz2
# wget http://ai.pjwstk.edu.pl/~majek/private/nmap/nmap-4.20ALPHA4-gse-01.diff
# tar xjf nmap-4.20ALPHA4.tar.bz2
# cd nmap-4.20ALPHA4
# cat ../nmap-4.20ALPHA4-gse-01.diff|patch -p1
# ./configure
# make
#
# cd gse
# sh ./make
# ./gse


It supports:
        - only http-connect
        - chaining

DNS resolving is now broken. No command-line support (edit main.cc).
Memory is not freed properly, etc.


Now I'm waiting for your comments.
I hope to hear many of them because
if you like this code, it will probably be added to our beloved nmap :)



There is a funny thing with the 'squid' http proxy.

Normally the connection is closed after every 'CONNECT' request.
But if the port is blocked by squid's settings (403),
then the connection waits for the next requests.

You can observe this on the state chart: it's the arrow on the left.
http://ai.pjwstk.edu.pl/~majek/private/nmap/state-httpconnect.png

Another, less interesting chart:
http://ai.pjwstk.edu.pl/~majek/private/nmap/state-nsock.png


This is an example output of my code, using 3 http-connect proxies.

WARNING: Connection #0: creating
WARNING: Connection #0: connecting to next hop
WARNING: Connection #0: connecting to next hop
WARNING: Connection #0: connecting to next hop
WARNING: Connection #0: succeded, scanning host 192.168.1.1:T1
WARNING: CONNECTION #0: SCANNED HOST 192.168.1.1:T1 is gateway_filtered:
WARNING: Connection #0: succeded, scanning host 192.168.1.1:T2
WARNING: CONNECTION #0: SCANNED HOST 192.168.1.1:T2 is gateway_filtered:
WARNING: Connection #0: succeded, scanning host 192.168.1.1:T3
WARNING: CONNECTION #0: SCANNED HOST 192.168.1.1:T3 is gateway_filtered:
WARNING: Connection #0: succeded, scanning host 192.168.1.1:T4
WARNING: CONNECTION #0: SCANNED HOST 192.168.1.1:T4 is gateway_filtered:
WARNING: Connection #0: succeded, scanning host 192.168.1.1:T5
WARNING: CONNECTION #0: SCANNED HOST 192.168.1.1:T5 is gateway_filtered:
WARNING: Connection #0: succeded, scanning host 192.168.1.1:T22
WARNING: CONNECTION #0: SCANNED HOST 192.168.1.1:T22 is opened:
WARNING: Connection #0: creating
WARNING: Connection #0: connecting to next hop
WARNING: Connection #0: connecting to next hop
WARNING: Connection #0: connecting to next hop
WARNING: Connection #0: succeded, scanning host 192.168.1.1:T80
WARNING: CONNECTION #0: SCANNED HOST 192.168.1.1:T80 is closed:
WARNING: Scan sucessfully completed.


You can see that ports 1,2,3,5,22 are scanned using one real
connection. Port 22 is open, and this wasted the connection.
Then the connection is closed, and a new connection is opened
to scan port 80.


I hope you'll like my implementation.


cheers!
Marek Majkowski
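As an added illustration (not code from the GSE patch or from Nmap), a small Python model of the connection-reuse rule described in the post: a CONNECT reply of 403 leaves the proxy connection waiting for the next request, while 200 (tunnel established) or a dropped connection forces a new chain. The probe replies are constructed to reproduce the log above; treating status codes other than 200/403, and a connection dropped without a reply, as 'closed' is this example's assumption.

```python
"""Model of the http-connect chain state machine from the post (constructed example)."""
from typing import Dict, Iterable, List, Optional, Tuple

# A reply is the status line from the last proxy in the chain,
# or None when the proxy dropped the connection without answering.
Reply = Optional[str]


def classify(reply: Reply) -> Tuple[str, bool]:
    """Map one CONNECT reply to (port_state, connection_still_usable).

    200 -> 'opened': the tunnel is now bound to the target, so this proxy
           connection is used up and the next port needs a fresh chain.
    403 -> 'gateway_filtered': the proxy refused the port; squid keeps the
           connection waiting for the next request, so it can be reused.
    anything else / dropped -> 'closed' (assumption of this example).
    """
    if reply is None:
        return "closed", False
    parts = reply.split()
    if len(parts) < 2 or not parts[1].isdigit():
        return "closed", False
    code = int(parts[1])
    if code == 200:
        return "opened", False
    if code == 403:
        return "gateway_filtered", True
    return "closed", False


def scan(probes: Iterable[Tuple[int, Reply]]) -> Tuple[Dict[int, str], int]:
    """Replay a probe sequence, reusing the chain while replies allow it.

    Returns (port -> state, number of real connections that had to be created).
    """
    results: Dict[int, str] = {}
    connections = 0
    usable = False  # no chain exists before the first probe
    for port, reply in probes:
        if not usable:
            connections += 1  # "Connection #0: creating" + one CONNECT per hop
        results[port], usable = classify(reply)
    return results, connections


# Constructed replies chosen to reproduce the scan log in the post.
PROBES: List[Tuple[int, Reply]] = [(p, "HTTP/1.0 403 Forbidden") for p in (1, 2, 3, 4, 5)]
PROBES += [(22, "HTTP/1.0 200 Connection established"), (80, None)]

if __name__ == "__main__":
    states, n = scan(PROBES)
    print(states, "real connections:", n)
```

Ports 1-5 and 22 share one chain because every 403 leaves the proxy connection open; the 200 for port 22 consumes it, so port 80 costs a second real connection, matching the two "creating" lines in the log.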

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

