Nmap Development mailing list archives
Re: Nmap 4.21ALPHA1 -- Nmap Scripting Engine integrated
From: Diman Todorov <diman.todorov () chello at>
Date: Mon, 11 Dec 2006 14:39:24 +0100
Hello List,
> If NSE had something like Metasploit's DCERPC or Nessus's generic RPC packet creation functions it would gain so much more flexibility and power. Also, checks from other frameworks could (in most cases) be ported to NSE. Making an RPC library for NSE would be a big undertaking but would benefit the community greatly in the long run.
>
> Brandon

I haven't looked at it in great detail, but nmap has some RPC functionality. Interfacing it to NSE is not very difficult. Fyodor, is the RPC code base in nmap sufficient for doing RPC, or would it need extending?

I have some ideas for further NSE development. I am putting them up for discussion. New ideas and criticism of my ideas are of course welcome.

* Functional list operations (map, apply, head, tail, pair etc.)
* a print_debug() function which only prints output on higher verbosity levels
* prototypes for common rules so that you can do things like:
    portrule = protorule("http", "tcp")
  instead of tediously defining a function. I have not decided yet which rules are best to have a prototype for.
* buffered I/O. We have a patch for that already (thanks majek), but it is still not decided whether the buffering should be patched directly into the nsock library or into the NSE library.
* a socket:get_contents() which returns only the payload of the underlying protocol. This might not be straightforward, though: the socket would have to know its protocol for this to work as expected.
* make PCRE usage more comfortable. Currently the PCRE interface is pretty low level.
* I will definitely add a way to list the available categories.
* Return exception objects instead of only an error string.
* Store the ports of detected services in the registry. That way you can find out the port on which http is running on a target by simply looking into the NSE registry. Nessus is doing something similar.
* Provide a more expressive way to choose scripts. For example '--script all and not intrusive' or '--script intrusive or safe and not harmless'. The syntax is just an example, not a suggestion.
* Provide a method to allow passing command line arguments to scripts. Someone mentioned that it would be nice to be able to pass things like username/password to specific scripts. Think '--script-arguments script-id:argument1 script-id:argument2' or something similar.
* Currently NSE considers only TCP and UDP ports that are open and open|filtered. Maybe users should be allowed to decide for themselves which port states they want to consider.
* Write a function which generates n bytes of random data quickly so that it can be used for buffer overflows.
* Add md5, sha1 etc. computation.
* Implement nsock garbage collection, so that if you forget to close a socket it will be implicitly destroyed when the script finishes.
* Make a standalone NSE interpreter for easy script development and debugging.
* Perhaps allow scripts to generate new targets, so that you can query a DNS server to find out which hosts belong to a certain domain and then ask nmap to scan these.

Cheers
Diman

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
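An added illustration, not code from the message above or from Nmap itself: a sketch in plain Lua of how four of the proposals (the protorule() prototype, a verbosity-gated print_debug(), user-selectable port states, and a registry of which ports a service was detected on, plus the map/head/tail helpers) fit together, run over a constructed set of scan results so it executes with a stock Lua interpreter and no Nmap. The names protorule, print_debug, registry, NSE_VERBOSITY and the sample host/port tables are all assumptions of this sketch. (Later NSE releases did grow equivalents of these ideas, e.g. shortport.port_or_service, stdnse.debug, nmap.registry and --script-args, but their interfaces differ from the sketch.)

```lua
-- Added illustration (not Nmap/NSE code): the rule-prototype, print_debug,
-- port-state and service-registry ideas from the message, sketched in plain
-- Lua so it runs with a stock interpreter (lua5.1 or later), no Nmap needed.
-- protorule, print_debug, registry and the sample host/port tables below
-- are assumptions for this sketch.

local unpack = table.unpack or unpack   -- Lua 5.2+ vs 5.1

-- Verbosity is taken from the environment here; in NSE it would come from -v/-d.
local verbosity = tonumber(os.getenv("NSE_VERBOSITY") or "0") or 0

-- print_debug: emit only when the current verbosity reaches `level`.
local function print_debug(level, fmt, ...)
  if verbosity >= level then
    io.stderr:write(("DEBUG%d: " .. fmt .. "\n"):format(level, ...))
  end
end

-- Functional list helpers from the wish list.
local function map(f, list)
  local out = {}
  for i, v in ipairs(list) do out[i] = f(v) end
  return out
end
local function head(list) return list[1] end
local function tail(list) return { unpack(list, 2) } end

-- Default port states a rule accepts: the two NSE considered at the time.
local DEFAULT_STATES = { ["open"] = true, ["open|filtered"] = true }

-- protorule(service, protocol[, states]) builds a portrule(host, port)
-- closure, so a script can write:  portrule = protorule("http", "tcp")
-- The optional `states` set lets the script author (or user) widen or narrow
-- which port states count, as the message suggests leaving to the user.
local function protorule(service, protocol, states)
  states = states or DEFAULT_STATES
  return function(host, port)
    local ok = port.service == service
           and port.protocol == protocol
           and states[port.state] == true
    print_debug(2, "protorule(%s/%s) %s:%d/%s state=%s -> %s",
                service, protocol, host.ip, port.number, port.protocol,
                port.state, tostring(ok))
    return ok
  end
end

-- A registry in the spirit of "store the ports of detected services": after
-- the scan results are walked, registry.services.http holds every port on
-- which http was seen.
local registry = { services = {} }
local function record_service(port)
  local list = registry.services[port.service] or {}
  list[#list + 1] = port.number
  registry.services[port.service] = list
end

-- Constructed sample scan results (no real target was scanned).
local host = { ip = "192.0.2.10" }
local ports = {
  { number = 22,   protocol = "tcp", state = "open",          service = "ssh"    },
  { number = 80,   protocol = "tcp", state = "open",          service = "http"   },
  { number = 443,  protocol = "tcp", state = "filtered",      service = "https"  },
  { number = 8080, protocol = "tcp", state = "open|filtered", service = "http"   },
  { number = 53,   protocol = "udp", state = "open|filtered", service = "domain" },
}

-- Default rule accepts open and open|filtered; the strict one only open.
local portrule        = protorule("http", "tcp")
local strict_portrule = protorule("http", "tcp", { ["open"] = true })

for _, port in ipairs(ports) do
  record_service(port)
  if portrule(host, port) then
    print(("default rule matched %s/%d"):format(port.protocol, port.number))
  end
  if strict_portrule(host, port) then
    print(("strict rule matched %s/%d"):format(port.protocol, port.number))
  end
end

-- Registry lookup: which ports run http on this host?
local http_ports = registry.services.http or {}
print("http on ports: " .. table.concat(map(tostring, http_ports), ", "))
print("first http port: " .. tostring(head(http_ports))
      .. ", remaining: " .. table.concat(map(tostring, tail(http_ports)), ", "))
```

Run it as `lua sketch.lua`; set `NSE_VERBOSITY=2` in the environment to see the per-port debug lines that print_debug() otherwise suppresses. The point of building the rule as a closure is that the port-state policy is decided once, where the rule is constructed, rather than being hard-wired into the engine.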
Current thread:
- Nmap 4.21ALPHA1 -- Nmap Scripting Engine integrated Fyodor (Dec 10)
- Re: Nmap 4.21ALPHA1 -- Nmap Scripting Engine integrated Brandon Enright (Dec 10)
- Re: Nmap 4.21ALPHA1 -- Nmap Scripting Engine integrated Diman Todorov (Dec 11)
- Re: Nmap 4.21ALPHA1 -- Nmap Scripting Engine integrated Arturo 'Buanzo' Busleiman (Dec 11)
- Re: Nmap 4.21ALPHA1 -- Nmap Scripting Engine integrated Brandon Enright (Dec 10)