Nmap Development mailing list archives
Re: does nmap already do this?
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Sat, 16 Aug 2008 01:46:02 -0500
Yes, your email looks a little out of synch. Line wrap off perhaps?

Anyway, if you are asking what I think you are asking, nmap can't do that.

I think you are asking about scanning a remote system with nmap and having nmap determine what the remote executable listening on the remote port is.

You'd have to use a combination of nmap and something like psexec (from Microsoft Sysinternals) and openports (from DiamondCS) to get the executable. Or even psexec and netstat.

Of course, this assumes you have the appropriate permissions to run programs on the remote system and that the remote system is a Windows-based system. Also, this assumes your local system is Windows since psexec and openports are Windows programs.

If the remote system has an SSH server running on it and uses certificate authentication, you could use Nessus to perform some remote local checks.

-Jason

On Fri, Aug 15, 2008 at 7:46 PM, mike <> wrote:
Hello

I was scanning with nmap today and noticed something that could possibly be added (unless it already is somewhere and I don't see it).

Why not include in the output after a scan, in the nmap-services output section, the name of the actual EXE/application that created the socket?

I was scanning the machine my roommate has upstairs and I found these items:

1025/tcp open unknown syn-ack
6646/tcp open Mcafee-Network-Agent syn-ack
9485/tcp open DISCover-Stream-Hub syn-ack

Now, I already realize the tcp port 1025 is an RPC based service that needs querying, which nmap does not support for Windows at the moment. The other services are what I want you to look at. It is a Hewlett-Packard machine. I actually went upstairs and did a verification of what applications actually created these sockets by doing a simple taskmgr dump. I simply added those service names to the file "nmap-services".

What I wanted to show you was an application path example. Here is the one for DISCover Stream Hub>>

Application: C:\Program Files\DISC\DiscStreamHub.exe
Parent: C:\Program Files\DISC\DISCover.exe
Protocol: TCP In
Destination: 0.0.0.0::9485

Now, I don't want nmap to clutter the output after a scan with EVERYTHING! I simply feel it would be quite nice to have the name of the application or path that created the listening socket. Anyone agree? I am not the coder here, so I am simply throwing out the idea to you guys.

Think about it. If you had the exact name of the path and what opened the socket, you could go right into trying to run your exploits or whatever else you care to use. It takes the guesswork out of a lot of things.

As far as how these application paths would be added to nmap, I simply recommend we add them to a database just like any other way we submit things here.

OK, I did my part. The idea is out there, so embrace it or shoot it down.

Thank you
Mike

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
--
NOTICE: Reading this email message requires root privileges which you do not appear to possess. Sorry, dude.
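The host-side lookup described in the reply above (netstat on the target, then matching PIDs to image names), as an added example that is not part of the original thread: it joins nmap's open-port lines with `netstat -ano` and `tasklist /fo csv /nh` output collected on the scanned Windows host. The netstat and tasklist samples, the PIDs and `agent-placeholder.exe` are constructed, and the function names are hypothetical.

```python
import csv, io, re

# Scan lines quoted in the thread; all other sample data below is constructed.
NMAP_OUT = """\
1025/tcp open unknown syn-ack
6646/tcp open Mcafee-Network-Agent syn-ack
9485/tcp open DISCover-Stream-Hub syn-ack
"""
NETSTAT_OUT = """\
  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:1025       0.0.0.0:0          LISTENING    1104
  TCP    0.0.0.0:6646       0.0.0.0:0          LISTENING    1820
  TCP    [::]:9485          [::]:0             LISTENING    2312
  TCP    192.168.1.20:1043  192.168.1.5:445    ESTABLISHED  4
"""
# PID 1104 is deliberately absent: a process the caller could not see.
TASKLIST_OUT = '''\
"agent-placeholder.exe","1820","Services","0","9,004 K"
"DiscStreamHub.exe","2312","Console","1","5,120 K"
'''

def parse_nmap_ports(text):
    """Return {(proto, port): service} for open ports in nmap's normal output."""
    pattern = re.compile(r"^\s*(\d+)/(tcp|udp)\s+open\s+(\S+)", re.M)
    return {(m.group(2), int(m.group(1))): m.group(3) for m in pattern.finditer(text)}

def parse_netstat_listeners(text):
    """Return {(proto, port): pid} for listening TCP sockets from `netstat -ano`."""
    listeners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            port = int(f[1].rsplit(":", 1)[1])  # rsplit copes with [::]:9485
            listeners[("tcp", port)] = int(f[4])
    return listeners

def parse_tasklist(text):
    """Return {pid: image name} from `tasklist /fo csv /nh`."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def label_ports(nmap_text, netstat_text, tasklist_text):
    """Join the three listings into (port, nmap service, pid, image) rows."""
    listeners = parse_netstat_listeners(netstat_text)
    images = parse_tasklist(tasklist_text)
    ports = sorted(parse_nmap_ports(nmap_text).items(), key=lambda kv: kv[0][1])
    return [(key[1], svc, listeners.get(key), images.get(listeners.get(key), "unknown"))
            for key, svc in ports]

if __name__ == "__main__":
    for port, svc, pid, image in label_ports(NMAP_OUT, NETSTAT_OUT, TASKLIST_OUT):
        print(f"{port}/tcp  {svc:<22} pid={pid}  {image}")
```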
Current thread:
- does nmap already do this? mike (Aug 15)
- Re: does nmap already do this? Brandon Enright (Aug 15)
- Re: does nmap already do this? Michael Pattrick (Aug 15)
- Re: does nmap already do this? DePriest, Jason R. (Aug 15)
- Re: does nmap already do this? Brandon Enright (Aug 15)