Nmap Development mailing list archives

adding this option?


From: mike <dmciscobgp () hotmail com>
Date: Mon, 14 Jan 2008 03:31:58 +0000


I mentioned this to Fyodor but never got a reply. I have used nmap for years and love the options it features, and I am glad people are always looking for him to add more. Right now it is the ultimate port scanner as far as I am concerned, for it pretty much has everything BUT... an option for pushing your OWN packet payload data your own way instead of through NSE scripting. I am not a fan of NSE/Lua scripting; it is cumbersome and, for the newbie, a bit cryptic. The same goes for adding version triggers: I have a hard time parsing those lines as well.

For a few years I have done this as a test for port knocking and payload triggers by running netcat like this: nc -v -u (ip) (port) < (file I create in hex to push the payload string/data). I would then run Ethereal with the -X option for full dissection of the protocol, or just a simple running windump, to see what I get back.

I asked Fyodor, since he already has the option --data-length, which only sends RANDOM data in bytes, why not allow us, the users, to point to our OWN files to send what we would like to trigger? Anyone else agree with this idea? Setting an option like --local-file that would point to your "payload.foo" file, and you could send this to a target range for, say, RIP or BGP, i.e. a payload that is not handled yet by nmap for triggers. I wrote out a simple 24-byte RIP1 packet to pull the remote route table on request with an AF of 0 as the RFC specifies.

I have given him the idea; I do not code, so I can only add my input in terms of what I would like to see as a user of nmap. Do any of you guys think that option could be added, and would it be something you would also wish to see?

Mike

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
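The 24-byte RIPv1 "send me your whole table" request Mike describes is fully specified by RFC 1058 section 3.4.1: a 4-byte header (command 1 = request, version 1, two zero bytes) followed by exactly one 20-byte entry with address family 0 and metric 16 (infinity). The following is an added example, not code from the original post or from the nmap project, that builds that payload so it can be fed to netcat exactly as in the post (`nc -v -u <ip> 520 < rip_request.bin`), and decodes the RIPv1 response that comes back. The constants and helper names (`build_rip1_table_request`, `parse_rip1_response`, `make_sample_response`, the file name `rip_request.bin`) and the two sample routes in the constructed response are assumptions made for the illustration; the wire layout follows the RFC.

```python
"""Build an RFC 1058 RIPv1 full-table request and decode a RIPv1 response.

Added example for the nmap-dev thread above; not part of the original post or of nmap.
Runs offline: the response it parses is constructed below, not captured from a router.
"""
import ipaddress
import struct
import sys
from typing import List, Tuple

RIP_PORT = 520
RIP_REQUEST = 1       # command byte for a request
RIP_RESPONSE = 2      # command byte for a response
RIP_VERSION_1 = 1
RIP_INFINITY = 16     # "unreachable"; in a request it means "send everything"
AF_UNSPEC = 0         # address family 0, as the RFC requires for a table request
AF_INET = 2           # address family used for IPv4 routes in responses

# Header: command(1) version(1) must-be-zero(2)
HEADER = struct.Struct(">BBH")
# Entry: AF(2) zero(2) IPv4(4) zero(4) zero(4) metric(4) = 20 bytes
ENTRY = struct.Struct(">HH4s4s4sI")


def build_rip1_table_request() -> bytes:
    """RFC 1058 3.4.1: one entry, AF 0, metric 16 => request for the whole table."""
    header = HEADER.pack(RIP_REQUEST, RIP_VERSION_1, 0)
    entry = ENTRY.pack(AF_UNSPEC, 0, b"\x00" * 4, b"\x00" * 4, b"\x00" * 4, RIP_INFINITY)
    packet = header + entry
    assert len(packet) == 24  # the 24-byte packet Mike refers to
    return packet


def parse_rip1_response(data: bytes) -> List[Tuple[int, str, int]]:
    """Decode a RIPv1 response into (address family, network, metric) tuples.

    Raises ValueError on anything that is not a well-formed RIPv1 response, so a
    garbage UDP reply does not get misread as routes.
    """
    if len(data) < HEADER.size or (len(data) - HEADER.size) % ENTRY.size != 0:
        raise ValueError("length %d is not 4 + n*20" % len(data))
    command, version, mbz = HEADER.unpack_from(data, 0)
    if command != RIP_RESPONSE:
        raise ValueError("command %d is not a RIP response" % command)
    if version != RIP_VERSION_1:
        raise ValueError("unexpected RIP version %d" % version)
    routes = []
    for offset in range(HEADER.size, len(data), ENTRY.size):
        af, _, addr, _, _, metric = ENTRY.unpack_from(data, offset)
        routes.append((af, str(ipaddress.IPv4Address(addr)), metric))
    return routes


def make_sample_response() -> bytes:
    """Constructed RIPv1 response with two routes (sample data, not a real capture)."""
    header = HEADER.pack(RIP_RESPONSE, RIP_VERSION_1, 0)
    entries = b"".join(
        ENTRY.pack(AF_INET, 0, ipaddress.IPv4Address(net).packed,
                   b"\x00" * 4, b"\x00" * 4, metric)
        for net, metric in (("10.0.0.0", 1), ("192.168.1.0", 3))
    )
    return header + entries


def main() -> None:
    # Write the raw payload so it can be pushed with:  nc -v -u <ip> 520 < rip_request.bin
    payload = build_rip1_table_request()
    with open("rip_request.bin", "wb") as fh:
        fh.write(payload)
    print("request (%d bytes): %s" % (len(payload), payload.hex()))
    for af, net, metric in parse_rip1_response(make_sample_response()):
        print("af=%d %-15s metric=%d" % (af, net, metric))


if __name__ == "__main__":
    sys.exit(main())
```

The length check in `parse_rip1_response` is the part worth keeping when doing this by hand with netcat: a RIPv1 response is always 4 + 20n bytes, so anything else on UDP/520 is either a different protocol or a truncated reply, and treating it as routes would give misleading output.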