Re: [NSE] New class of scripts -- New Rule proposal

[Djalal Harouni <tixxdz () gmail com>]

On 2010-06-24 14:04:00 -0700, Fyodor wrote:
> On Thu, Jun 24, 2010 at 09:02:46PM +0100, Djalal Harouni wrote:
> > NSE proposal: New rule "netrule"
>
> Hi Djalal.  Thanks for sending this proposal!  I think it will be a
> great feature.  My comments here might be a little scattered and
> brief, as I'm trying to get them out before our NSE meeting in 5
> minutes :).
>
> > Modify the dns-zone-transfer.nse script and add another rule to let the
> > script run against the domain name to discover new targets. The current
> > script will only run when Nmap finds a DNS server, so with a new added
> > rule that script will run directly and does not depend on open ports and
> > can find new subdomain targets for Nmap, in other words specify a domain
> > name as a target and with the use of the results of this script, Nmap
> > will scan all the newly discovered subdomains and hostnames.
>
> Note that this "Nmap will scan all the newly discovered subdomains and
> hostnames" part is a big change for Nmap proper.  Still, I think it is
> worth doing and is better than forcing people to run the script once
> to get the targets and then again to specify those targets.  The DNS
> zone transfer script example you gave is a good one.
>
> This will be a nice feature for Ron's California Vanity License plate
> script too (http://www.skullsecurity.org/blog/?p=723) :).  I always
> feel silly having to specify a target host when I run that, even
> though it is ignored.
>
> > o The scripts will run when the new --script-netscan Nmap option is
> > specified and when the netrule function evaluates to true, like the
> > version scan scripts which depend on the -sV option.
>
> Why not specify the scripts using --script like the host and port
> scripts?  I don't see any need to have a separate option for this.  I
> think the "default" category of these scripts (if we have any) should
> run by default just like default host and port scripts too.  And I
> think we should use the normal --script-args option for their
> arguments.
A new option can warn the users that they can have new targets, and will
activate the netrules.
Yes the scripts must use the --script-args option for their arguments.

> > We can also have different new scripts which can run multiple times:
> > o Before any scanning.
> > o Before hostgroup NSE scan.
> > o After hostgroup NSE scan.
> > o After scanning all hostgroups.
>
> I think we should only have phases where we can demonstrate an
> important script which requires them (e.g. a use case).  In
> particular, what scripts do you have in mind for "Before hostgroup NSE
> scan" and "After hostgroup NSE scan" scripts?
Perhaps NSE hostgroup after/before can let other classic (hostrule and
portrule) scripts to add new targets to the next Nmap phase. Currently the 
only important examples that I've will feet in the pre-scan (before any scanning).

> > Net table:
> > ----------
> > Information passed to the new net scripts is in the net lua table.
>
> If this information is unavailable in other ways, we should probably
> make it available to host/port scripts too in case they need it.
>
> Cheers,
> Fyodor
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

-- 
tixxdz
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/