Nmap Development mailing list archives

Concerning Auxiliary Scripts

From: Patrick Donnelly <batrick () batbytes com>
Date: Tue, 27 Apr 2010 08:29:01 -0400

From docs/TODO:

o [NSE] Maybe we should create a class of scripts which only run one
  time per scan, similar to auxiliary modules in Metasploit. We
  already have script classes which run once per port and once per
  host. For example, the once-per-scan ("network script"?) class might
  be useful for broadcast LAN scripts (Ron Bowes, who suggested this
  (http://seclists.org/nmap-dev/2010/q1/883) offered to write a
  NetBIOS and DHCP broadcast script). Another idea would be an AS to
  IP ranges script, as discussed in this thread
  http://seclists.org/nmap-dev/2010/q2/101 [Could be a good SoC
  infrastructure project]
  o David notes: "I regret saying this before I say it, because I'm
    imagining implementation difficulties, we should think about
    having such auxiliary scripts be able to do things like host
    discovery, and then let the following phases work on the list it
    discovers."
I'm thinking this should be a new scan type. Unless I'm mistaken, Nmap
has never added hosts to the scan that weren't explicitly enumerated
in some way on the command line. It would be appropriate for the user
to give Nmap "permission" to find hosts and then do further scanning
as if those hosts were given on the command line. Thoughts?

As far as NSE is concerned, just like Version Detection runs the
script engine with a "special" category ("version"), our new scan type
would also run NSE. We can assign some arbitrary category to these
"auxiliary" scripts. When NSE is in this host exploration/discovery
mode, it doesn't bother with running hostrule/portrules and only runs
scripts in that "auxiliary" category. Or for generality's sake, we can
just have a single "fabricated" host for this scan type and all
auxiliary scripts have a hostrule that always* returns true.

* Unless it has a reason not to (--script-args?).

My 2c,

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
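An added illustration of the once-per-scan idea from the post, not code from Nmap or from Patrick: an NSE script whose hostrule always returns true (with the footnote's --script-args opt-out), guarded so it runs once, and which hands any hosts it finds back to Nmap only when the user has granted permission. It assumes the real NSE libraries nmap, stdnse and target (target.add and target.ALLOW_NEW_TARGETS, enabled by --script-args newtargets); the "auxiliary" category and the auxiliary.* script-args are hypothetical.

```lua
-- Hypothetical "auxiliary" NSE script sketched from the proposal above.
-- Not part of the Nmap tree. nmap, stdnse and target are real NSE libraries;
-- the "auxiliary" category and the auxiliary.* script-args are assumptions.
local nmap   = require "nmap"
local stdnse = require "stdnse"
local target = require "target"

description = [[Runs once per scan and hands discovered hosts back to Nmap.]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"auxiliary", "discovery", "safe"}

-- "A hostrule that always returns true", with two refinements:
--  * the footnote's escape hatch: --script-args auxiliary.skip disables it;
--  * a registry flag set on the first evaluation, so that on a real
--    multi-host scan the action still fires only once per scan.
hostrule = function(host)
  if stdnse.get_script_args("auxiliary.skip") then return false end
  if nmap.registry.auxiliary_ran then return false end
  nmap.registry.auxiliary_ran = true
  return true
end

action = function(host)
  -- Stand-in for a broadcast or AS-to-range lookup: candidate hosts come
  -- from a constructed script-arg, e.g. auxiliary.hosts=10.0.0.5,10.0.0.9
  local found = {}
  for addr in string.gmatch(stdnse.get_script_args("auxiliary.hosts") or "", "[^,%s]+") do
    found[#found + 1] = addr
  end
  if #found == 0 then return nil end

  -- The "permission" step: NSE only accepts new targets when the user
  -- passed --script-args newtargets, so discovery without consent is inert.
  if not target.ALLOW_NEW_TARGETS then
    return ("found %d hosts; add --script-args newtargets to scan them"):format(#found)
  end
  local ok, n = target.add(table.unpack(found))
  if not ok then return "target.add failed: " .. tostring(n) end
  return ("queued %d new targets for the following scan phases"):format(n)
end
```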