Nmap Development mailing list archives
Re: [NSE] New class of scripts -- New Rule proposal
From: Djalal Harouni <tixxdz () gmail com>
Date: Sat, 26 Jun 2010 17:25:35 +0100
On 2010-06-24 14:04:00 -0700, Fyodor wrote:
On Thu, Jun 24, 2010 at 09:02:46PM +0100, Djalal Harouni wrote:NSE proposal: New rule "netrule"Hi Djalal. Thanks for sending this proposal! I think it will be a great feature. My comments here might be a little scattered and brief, as I'm trying to get them out before our NSE meeting in 5 minutes :).Modify the dns-zone-transfer.nse script and add another rule to let the script run against the domain name to discover new targets. The current script will only run when Nmap finds a DNS server, so with a new added rule that script will run directly and does not depend on open ports and can find new subdomain targets for Nmap, in other words specify a domain name as a target and with the use of the results of this script, Nmap will scan all the newly discovered subdomains and hostnames.Note that this "Nmap will scan all the newly discovered subdomains and hostnames" part is a big change for Nmap proper. Still, I think it is worth doing and is better than forcing people to run the script once to get the targets and then again to specify those targets. The DNS zone transfer script example you gave is a good one. This will be a nice feature for Ron's California Vanity License plate script too (http://www.skullsecurity.org/blog/?p=723) :). I always feel silly having to specify a target host when I run that, even though it is ignored.o The scripts will run when the new --script-netscan Nmap option is specified and when the netrule function evaluates to true, like the version scan scripts which depend on the -sV option.Why not specify the scripts using --script like the host and port scripts? I don't see any need to have a separate option for this. I think the "default" category of these scripts (if we have any) should run by default just like default host and port scripts too. And I think we should use the normal --script-args option for their arguments.
A new option can warn the users that they can have new targets, and will activate the netrules. Yes the scripts must use the --script-args option for their arguments.
We can also have different new scripts which can run multiple times: o Before any scanning. o Before hostgroup NSE scan. o After hostgroup NSE scan. o After scanning all hostgroups.I think we should only have phases where we can demonstrate an important script which requires them (e.g. a use case). In particular, what scripts do you have in mind for "Before hostgroup NSE scan" and "After hostgroup NSE scan" scripts?
Perhaps NSE hostgroup after/before can let other classic (hostrule and portrule) scripts to add new targets to the next Nmap phase. Currently the only important examples that I've will feet in the pre-scan (before any scanning).
Net table: ---------- Information passed to the new net scripts is in the net lua table.If this information is unavailable in other ways, we should probably make it available to host/port scripts too in case they need it. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
-- tixxdz _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 24)
- Re: [NSE] New class of scripts -- New Rule proposal Fyodor (Jun 24)
- Re: [NSE] New class of scripts -- New Rule proposal Ron (Jun 25)
- Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Rule proposal Ron (Jun 25)
- Re: [NSE] New class of scripts -- New Rule proposal Daniel Miller (Jun 25)
- Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Rule proposal Fyodor (Jun 28)
- Re: [NSE] New class of scripts -- New Rule proposal DePriest, Jason R. (Jun 29)
- Re: [NSE] New class of scripts -- New Net Rules proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Net Rules proposal Patrick Donnelly (Jun 26)
- Re: [NSE] New class of scripts -- New Net Rules proposal Fyodor (Jun 28)
- Re: [NSE] New class of scripts -- New Rule proposal Fyodor (Jun 24)