Nmap Development mailing list archives

Re: NMAP scripts


From: eldraco <eldraco () gmail com>
Date: Fri, 15 Aug 2008 01:03:07 -0300

Ok Adam, this is ugly but it should work if you are willing to do it...

1- iptables -A OUTPUT -p tcp --dport 23022 -j DROP
2- nmap -sS -p23022 -PN -n -v xx.xx.xx.xx --script=/usr/local/share/nmap/scripts/whois.nse

Result:
1- no packets sent to xx.xx.xx.xx
2- whois executed right
3- quick


For example:
nmap -sS -p23022 -PN -n -v scanme.insecure.org --script=/usr/local/share/nmap/scripts/whois.nse

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-15 01:00 ART
Initiating SYN Stealth Scan at 01:00
Scanning 64.13.134.52 [1 port]
sendto in send_ip_packet: sendto(5, packet, 44, 0, 64.13.134.52, 16) => Operation not permitted
Offending packet: TCP me.me.me.me:52335 > 64.13.134.52:23022 S ttl=52 id=49065 iplen=44  seq=1763118709 win=1024 <mss 1460>
sendto in send_ip_packet: sendto(5, packet, 44, 0, 64.13.134.52, 16) => Operation not permitted
Offending packet: TCP me.me.me.me:52336 > 64.13.134.52:23022 S ttl=37 id=17732 iplen=44  seq=1763053172 win=2048 <mss 1460>
Completed SYN Stealth Scan at 01:00, 2.02s elapsed (1 total ports)
SCRIPT ENGINE: Initiating script scanning.
Initiating SCRIPT ENGINE at 01:00
Completed SCRIPT ENGINE at 01:00, 0.91s elapsed
Host 64.13.134.52 appears to be up ... good.
Interesting ports on 64.13.134.52:
PORT      STATE    SERVICE
23022/tcp filtered unknown

Host script results:
|  Whois: Record found at whois.arin.net
|  netrange: 64.13.134.0 - 64.13.134.63
|  netname: NET-64-13-143-0-26
|  orgname: Titan Networks
|  orgid: INSEC
|  country: US stateprov: CA
|  orgtechname: Hostmaster
|_ orgtechemail: hostmaster () titan net

Read data files from: /usr/local/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 3.01 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)



I said, it is ugly.

hope that helps 

cheers
eldraco



On Friday 15 August 2008 00:25:35 jah wrote:
On 14/08/2008 10:16, adam.bull () bt com wrote:
Hi guys

Not a fault as such, more of a question / recommendation. I want to be
able to run the nmap script WHOIS and harvest a list of IP addresses in a
range, but I don't want to connect to the targets at all - just run the
script!

I've looked through the help file and there seems to be no way I can
just run the script without having to at least ping or send a "-sS -p80".
Is it possible to run the script without having to make any connection to
the target? Kinda the opposite of what nmap was built for, but hey.

Hi Adam,

At present, I believe that there isn't a way to run an NSE script
without scanning/pinging a target.  NSE scripts depend on nmap for their
targets (and some functionality not found in Lua), so it would require a
good deal of hacking to run the script apart from nmap - you'd be better
off scripting something with perl Net::Whois or some java-based command
line client <http://www.skytouch.com/soft/java/whois.html>.

Perhaps you'd be willing to scan your targets with a spoofed public IP
address.  Something along the lines of

nmap <target> -sS -p80 --max-retries 0 -n -PN -e <your-interface-name>
-S 66.249.67.205 -v --script whois

Regards,

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org



-- 
Ing. Sebastián García
http://minsky.surfnet.nl:11371/pks/lookup?op=get&search=0x3E42ED27F864EDE6
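One thing a reader trying the iptables trick above will want is a way to confirm, from Nmap's own output, that the run really put nothing on the wire and that the whois data still came back. The following is an added example, not code from the thread or from the Nmap project: it parses Nmap's normal output (the run quoted above is embedded as a constructed sample), pulls out the whois host-script fields, counts the sendto() refusals the DROP rule caused, and checks the closing "Raw packets sent" summary and the reported port state. Function names and the sample constant are this example's own.

```python
"""Post-run check for the "drop outbound, run whois.nse" trick from the thread.

Added example; not part of the original post. Parses Nmap normal output and
confirms that no raw packets left the host while the whois script still ran.
"""
import re

# Constructed sample: the Nmap 4.68 run quoted in the thread, with the wrapped
# lines rejoined so each record is on one line.
SAMPLE_OUTPUT = """\
Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-15 01:00 ART
Initiating SYN Stealth Scan at 01:00
Scanning 64.13.134.52 [1 port]
sendto in send_ip_packet: sendto(5, packet, 44, 0, 64.13.134.52, 16) => Operation not permitted
Offending packet: TCP me.me.me.me:52335 > 64.13.134.52:23022 S ttl=52 id=49065 iplen=44  seq=1763118709 win=1024 <mss 1460>
sendto in send_ip_packet: sendto(5, packet, 44, 0, 64.13.134.52, 16) => Operation not permitted
Offending packet: TCP me.me.me.me:52336 > 64.13.134.52:23022 S ttl=37 id=17732 iplen=44  seq=1763053172 win=2048 <mss 1460>
Completed SYN Stealth Scan at 01:00, 2.02s elapsed (1 total ports)
Host 64.13.134.52 appears to be up ... good.
Interesting ports on 64.13.134.52:
PORT      STATE    SERVICE
23022/tcp filtered unknown

Host script results:
|  Whois: Record found at whois.arin.net
|  netrange: 64.13.134.0 - 64.13.134.63
|  netname: NET-64-13-143-0-26
|  orgname: Titan Networks
|  orgid: INSEC
|  country: US stateprov: CA
|  orgtechname: Hostmaster
|_ orgtechemail: hostmaster () titan net

Read data files from: /usr/local/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 3.01 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
"""

# Script output lines look like "|  key: value" or "|_ key: value" (last line).
_SCRIPT_LINE = re.compile(r"\|[_ ]\s*([^:]+):\s*(.*)")
# Port table rows look like "23022/tcp filtered unknown".
_PORT_LINE = re.compile(r"(\d+/(?:tcp|udp|sctp))\s+(\S+)\s+(\S+)")


def parse_whois_results(output):
    """Return the whois host-script block as a dict of lower-cased keys."""
    fields = {}
    in_block = False
    for line in output.splitlines():
        if line.startswith("Host script results:"):
            in_block = True
            continue
        if not in_block:
            continue
        m = _SCRIPT_LINE.match(line)
        if not m:
            break  # first line that is not a "|" line ends the script block
        fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields


def port_states(output):
    """Return {port: state} for every row of Nmap's port table."""
    return {m.group(1): m.group(2)
            for m in (_PORT_LINE.match(l) for l in output.splitlines()) if m}


def raw_packets_sent(output):
    """Return the count from the closing 'Raw packets sent: N' summary, or None."""
    m = re.search(r"Raw packets sent:\s*(\d+)", output)
    return int(m.group(1)) if m else None


def count_blocked_sends(output):
    """Count sendto() calls the kernel refused; each one is a probe the DROP rule ate."""
    return sum(1 for l in output.splitlines()
               if "sendto" in l and "Operation not permitted" in l)


def check_no_contact(output):
    """True only if Nmap reports zero raw packets and no port came back open/closed.

    An open or closed state can only come from a reply, so either would mean a
    probe reached the target (for example because the iptables rule was missing).
    """
    if raw_packets_sent(output) != 0:
        return False
    return all(state == "filtered" for state in port_states(output).values())


if __name__ == "__main__":
    print("blocked sends:", count_blocked_sends(SAMPLE_OUTPUT))
    print("no contact:", check_no_contact(SAMPLE_OUTPUT))
    for k, v in parse_whois_results(SAMPLE_OUTPUT).items():
        print(f"  {k}: {v}")
```

Note that Nmap counts only packets that actually left the socket, so the two refused sendto() calls still leave "Raw packets sent: 0"; checking both the refusal count and the summary line gives a clearer picture than either alone. Feed the function the saved output of a real run (for example from `-oN`) in place of the sample.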

