Nmap Development mailing list archives
[NSE] request: feeding hosts back into Nmap
From: Ron <ron () skullsecurity net>
Date: Thu, 17 Jun 2010 11:09:42 -0500
Hey all,

This is a feature I've thought of before, and that we've talked about before, but now I have a really good "first script" that I'm hoping will provide motivation. This also goes well with the idea of "scan scripts" (as opposed to host/port scripts).

The idea is, having a script that can find more IP addresses for Nmap to scan. Those IP addresses are fed into a new hostgroup, and, when Nmap is done the current scan, it continues on with scanning the new hosts. Technologically, I talked to Patrick a little and he doesn't think it'll be too bad.

Here are some ideas of what it can be used for:

o One person I've talked to via email and on IRC has used brute force to collect reverse DNS records for every host on the Internet. He wants to write an Nmap script that will probe that database for a domain name (say, *.foxnews.com) and generate the list of addresses to scan.

o Something else I posted about before is using a query to get every IP address in a given AS and scan them. Although the usefulness of this can be disputed, it would be trivial to do with this type of script.

o The ntp-monlist script currently lists all IP addresses that have used an NTP server. This can potentially have an option to feed those IP addresses back into Nmap.

o Other scripts can potentially find new targets, like one that queries a peer-to-peer port.

Clearly, there would have to be some kind of intelligence for host- or port-scripts, because if they run every time there are going to be infinite loops to deal with. But the idea of having a scan-script that generates the addresses to scan is a useful idea, I think.

--
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/