Nmap Development mailing list archives

Re: does nmap already do this?


From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Sat, 16 Aug 2008 01:46:02 -0500

Yes, your email looks a little out of synch.  Line wrap off perhaps?

Anyway, if you are asking what I think you are asking, nmap can't do that.

I think you are asking about scanning a remote system with nmap and
having nmap determine what the remote executable listening on the
remote port is.

You'd have to use a combination of nmap and something like psexec
(from Microsoft Sysinternals) and openports (from DiamondCS) to get
the executable.  Or even psexec and netstat.

Of course, this assumes you have the appropriate permissions to run
programs on the remote system and that the remote system is a
Windows-based system.  Also, this assumes your local system is Windows
since psexec and openports are Windows programs.

If the remote system has an SSH server running on it and uses
certificate authentication, you could use Nessus to perform some
remote local checks.

-Jason

On Fri, Aug 15, 2008 at 7:46 PM, mike <> wrote:

Hello
I was scanning with nmap today and noticed something that could possibly be added (unless it already is somewhere and I don't see it).

Why not include in the output after a scan, in the nmap-services output section, the name of the actual EXE/application that created the socket?

I was scanning the machine my roommate has upstairs and I found these items:

1025/tcp open          unknown                       syn-ack
6646/tcp open          Mcafee-Network-Agent          syn-ack
9485/tcp open          DISCover-Stream-Hub           syn-ack

Now I already realize that TCP port 1025 is an RPC-based service that needs querying, which nmap does not support for Windows at the moment. The other services are what I want you to look at. It is a Hewlett-Packard machine. I actually went upstairs and did a verification of what applications actually created these sockets by doing a simple taskmgr dump. I simply added those service names to the file "nmap-services". What I wanted to show you was an application path example. Here is the one for DISCover Stream Hub:

Application: C:\Program Files\DISC\DiscStreamHub.exe
Parent: C:\Program Files\DISC\DISCover.exe
Protocol: TCP In
Destination: 0.0.0.0::9485

Now I don't want nmap to clutter the output after a scan with EVERYTHING! I simply feel it would be quite nice to have the name of the application or path that created the listening socket. Anyone agree? I am not the coder here, so I am simply throwing out the idea to you guys. Think about it. If you had the exact name of the path and what opened the socket, you could go right into trying to run your exploits or whatever else you care to use. It takes the guesswork out of a lot of things.

As far as how these application paths would be added to nmap, I simply recommend we add them to a database just like any other way we submit things here. OK, I did my part. The idea is out there, so embrace it or shoot it down.

thank you
Mike


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org




-- 
NOTICE: Reading this email message requires root privileges which you
do not appear to possess. Sorry, dude.



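Jason's point is that the socket-to-executable mapping Mike wants only exists on the listening host itself, so it has to be collected there (locally, or through a remote-execution tool such as psexec with the right permissions) rather than inferred from a network scan. The script below is an added example, not code from the thread or from the nmap project: it is a PowerShell version of the netstat-plus-task-manager step Mike describes, producing the same Application / Parent / Destination view for every listening TCP socket on a Windows host. It assumes PowerShell 3 or later (for Get-CimInstance) and is most useful when compared against what nmap reports for the same host from the outside, so that an unexpected listener can be tied to the process that opened it.

```powershell
# Added example (not from the thread): map each listening TCP socket on the
# local Windows host to the executable that owns it and to that process's
# parent, mirroring the "Application / Parent / Destination" dump quoted in
# the thread. Run on the host itself or via a remote-execution tool; without
# administrator rights ExecutablePath is unavailable for some system
# processes, which the code reports instead of failing.

function Get-ListeningSocketOwners {
    # netstat -ano -p tcp prints one line per socket with the PID last, e.g.
    # (constructed sample line)
    #   TCP    0.0.0.0:9485    0.0.0.0:0    LISTENING    1234
    $lines = netstat -ano -p tcp |
        Where-Object { $_ -match '^\s*TCP\s+\S+\s+\S+\s+LISTENING\s+\d+\s*$' }

    # Build a PID -> process table once instead of querying WMI per socket.
    $procs = @{}
    Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

    foreach ($line in $lines) {
        $fields = $line.Trim() -split '\s+'
        $local  = $fields[1]                         # 0.0.0.0:9485 or [::]:9485
        $procId = [int]$fields[4]
        $port   = [int]($local -replace '^.*:(\d+)$', '$1')

        $p      = $procs[$procId]
        $parent = if ($p) { $procs[[int]$p.ParentProcessId] } else { $null }

        [pscustomobject]@{
            Port        = $port
            Destination = $local
            PID         = $procId
            Application = if ($p -and $p.ExecutablePath) { $p.ExecutablePath }
                          elseif ($p) { $p.Name + ' (path not readable)' }
                          else { '<PID not found>' }
            Parent      = if ($parent -and $parent.ExecutablePath) { $parent.ExecutablePath }
                          elseif ($parent) { $parent.Name }
                          else { '<n/a>' }
        }
    }
}

# Usage: list every listening TCP port with the owning and parent executables.
Get-ListeningSocketOwners | Sort-Object Port | Format-Table -AutoSize
```

Feeding this output into a host inventory, and diffing it against the port list nmap sees from the network, gives the "which binary opened this port" answer for defenders without any change to nmap itself; Jason's caveat still applies, since the collection step needs the ability to run code on the host being inventoried.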