Nmap Development mailing list archives

Re: RFC - nmap "crawl" feature / script


From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Tue, 8 Jul 2008 23:56:29 +0100

On Tue, Jul 8, 2008 at 11:13 PM, Brandon Enright <> wrote:

On Tue, 8 Jul 2008 13:00:22 -0500
"DePriest, Jason R." <> wrote:
...snip...
But before I start doing anything, has anyone else ever considered
this a desirable feature?  If so, has someone already written a script
to handle it?

Thank you.

-Jason


I've chatted with Fyodor about a similar idea involving host discovery
via SNMP from the detected routers (hops) from a --traceroute.

The idea is that most bigger organisations have routing gear for which
you can extract the ARP/CAM table via SNMP to discover new hosts.  If
you learn about the local router for a host, a few SNMP queries later
and you can have all the hosts in that VLAN, or even all the hosts
for any VLAN routed out of that router.

After really flushing the ideas out though we both agreed that while
that ability could be very useful, it is best left to an external
script.  Nmap is a great _port_scanner_ but probably shouldn't have
every darn networking task we can think of stuffed into it.

One thing that /would/ be nice though is to expose --traceroute
information to NSE so that a script can try to query the local router
for the target's MAC address.  IIRC this would require re-ordering NSE
to come after --traceroute.

Brandon

This at least reads the

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
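
Added example, not part of the original thread and not Nmap code: a sketch of the external-script approach discussed above, which reads a router's ARP cache (the IP-MIB `ipNetToMediaTable`) from `snmpwalk -On` output and lists the hosts seen behind each interface. The sample walk is constructed with documentation addresses, and grouping by ifIndex as a stand-in for "per VLAN" is an assumption.

```python
import re
from collections import defaultdict

# ipNetToMediaTable columns from IP-MIB: the router's ARP cache.
PHYS = ".1.3.6.1.2.1.4.22.1.2."  # ipNetToMediaPhysAddress
TYPE = ".1.3.6.1.2.1.4.22.1.4."  # ipNetToMediaType
INVALID = 2  # other(1), invalid(2), dynamic(3), static(4)

# Constructed sample in `snmpwalk -On` format (documentation addresses only).
SAMPLE = """\
.1.3.6.1.2.1.4.22.1.2.10.192.0.2.1 = Hex-STRING: 00 00 5E 00 53 01
.1.3.6.1.2.1.4.22.1.2.10.192.0.2.15 = Hex-STRING: 00 00 5E 00 53 0F
.1.3.6.1.2.1.4.22.1.2.20.198.51.100.7 = Hex-STRING: 00 00 5E 00 53 A7
.1.3.6.1.2.1.4.22.1.2.20.198.51.100.9 = Hex-STRING: 00 00 5E 00 53 A9
.1.3.6.1.2.1.4.22.1.4.10.192.0.2.1 = INTEGER: static(4)
.1.3.6.1.2.1.4.22.1.4.10.192.0.2.15 = INTEGER: dynamic(3)
.1.3.6.1.2.1.4.22.1.4.20.198.51.100.7 = INTEGER: dynamic(3)
.1.3.6.1.2.1.4.22.1.4.20.198.51.100.9 = INTEGER: invalid(2)
"""

LINE = re.compile(r"^(\.[\d.]+) = ([\w-]+): (.+)$")

def parse_arp_walk(text):
    """Return {ifIndex: {ip: mac}} for every valid ARP entry in the walk."""
    macs, types = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # timeouts, "No Such Object" lines, blanks
        oid, kind, value = m.groups()
        column = PHYS if oid.startswith(PHYS) else TYPE if oid.startswith(TYPE) else None
        if column is None:
            continue
        index = oid[len(column):].split(".")  # <ifIndex>.<a>.<b>.<c>.<d>
        if len(index) != 5:
            continue
        key = (int(index[0]), ".".join(index[1:]))
        if column == PHYS and kind == "Hex-STRING":
            octets = value.split()
            if len(octets) == 6:
                macs[key] = ":".join(o.lower() for o in octets)
        elif column == TYPE and kind == "INTEGER":
            types[key] = int(re.search(r"\d+", value).group())
    hosts = defaultdict(dict)
    for (ifindex, ip), mac in macs.items():
        if types.get((ifindex, ip)) != INVALID:  # skip aged-out entries
            hosts[ifindex][ip] = mac
    return dict(hosts)
```
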

