Nmap Development mailing list archives
Re: [NSE] Script Pre-scanning and Post-scanning example
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 10 Aug 2010 19:19:41 -0500
[This email covers more general topics farther down]

On 08/06/2010 12:18 PM, Djalal Harouni wrote:
> Hi list, I've merged the Script Pre-scanning and Post-scanning phases to Nmap trunk. I hope that we'll see a lot of scripts that make use of them.
After talking with Djalal, I've attached a patch to add prerule processing to snmp-interfaces. This patch adds the addresses of the host's interfaces to Nmap's target list in order to possibly expose any additional services running on the host. While this script requires the target-adding changes present in the nmap-exp/djalal/nmap-add-targets branch, Djalal is OK with me posting this now.

You won't want to use this prerule all of the time with many ports (scanning the same host multiple times, when many ports will be the same), but it certainly has its uses.

This is from a scan against 192.168.1.1 (using Djalal's branch) with script args "newtargets,snmpinterfaces.server=192.168.1.1":

Pre-scan script results:
|_snmp-interfaces: Successfully added 3 new targets

Nmap scan report for 192.168.1.1
Host is up (0.022s latency).
PORT    STATE  SERVICE
21/tcp  open   ftp
22/tcp  closed ssh
23/tcp  closed telnet
80/tcp  open   http
443/tcp closed https

Nmap scan report for 192.168.10.6
Host is up (0.017s latency).
PORT    STATE  SERVICE
21/tcp  open   ftp
22/tcp  open   ssh
23/tcp  closed telnet
80/tcp  open   http
443/tcp closed https

ssh is only running on the added interface (Ethernet), which would stay unknown if only 192.168.1.1 (SLIP) was scanned alone.

(Also notice that the script adds 3 new targets but only 1 (192.168.10.6) is shown here. Only one added host is scanned, but Djalal mentioned that he is working on fixing this in his branch [thus I haven't tested multiple added addresses]. These other addresses not added are actually the address we probed and the host's localhost-- Nmap itself needs to make these checks to keep this out of scripts. Unfortunately I haven't yet checked Djalal's branch to see what all is checked so far, so I can't comment any further.)

Notes on this patch:

* The snmpinterfaces.server arg is required to specify the SNMP host to probe for interface addresses. An optional port arg is available to specify a port other than 161. This is just like the dns-zone-transfer changes.

* The pre-scan output is not the usual snmp-interfaces output, but rather just a line stating how many targets were successfully added. The prerule functionality for this script in this patch is to add targets, and so I thought the output should pertain solely to that.

Notes in general:

* It started bothering me while working on this patch that scripts could quickly get cluttered with different branches for prerule, postrule, etc. when script functionality may only be slightly related amongst phases. A thought I had would be to check if a script offers functions named things like postaction() and execute these hooks instead of action() in the post-scan phase (for example)-- this way script authors have control over clutter and can separate it, with NSE easily obliging. Scripts which don't have these hooks are just called with action() like normal.

A counter-argument to this could be to just add more code to libraries and have separate scripts for prerule and postrule if they are substantially different enough to warrant things like postaction(). But the latter could mean very specific things added to libraries which only these scripts would use, which then just needlessly clutters libraries. If all multiphase scripts are simple enough (it wouldn't make sense to use postaction or something like that in my patch, for example) then this won't be a problem, but some forethought may save future headaches. Who knows, maybe simply breaking up action() will always be best if the phases make it too messy.

* Djalal's work on these different phases seems to work well. I've only really tested with this patch (prerule), but I didn't have any problems.
Cheers,
Kris Katterjohn
Attachment: snmp.patch
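An added example, written for this archive page and not Kris's snmp.patch nor Nmap's own snmp-interfaces script: a minimal NSE script that picks up a prerule for adding targets, keeps the prerule work in its own preaction() function as the message suggests, and drops the probed address and loopback before adding (the two addresses Kris notes were not added). It assumes the target library (target.add, target.ALLOW_NEW_TARGETS) and the SCRIPT_TYPE global as they exist in current NSE, and uses a hypothetical "example" script-arg prefix and a constructed interface list in place of a real SNMP query.

```lua
local shortport = require "shortport"
local stdnse = require "stdnse"
local target = require "target"

description = [[Example script: adds a probed host's interface addresses as new targets.]]
categories = {"discovery", "safe"}

-- Addresses that must never become targets: the address we probed
-- (already a target) and loopback / unspecified addresses.
local function is_self_or_loopback(addr, server)
  return addr == server or addr:match("^127%.") ~= nil or addr == "0.0.0.0"
end

-- Deduplicate and filter the interface addresses down to ones worth adding.
local function new_targets(addrs, server)
  local out, seen = {}, {}
  for _, a in ipairs(addrs) do
    if not seen[a] and not is_self_or_loopback(a, server) then
      seen[a] = true
      out[#out + 1] = a
    end
  end
  return out
end

-- Prerule only fires when a server was given and 'newtargets' allows additions.
prerule = function()
  return stdnse.get_script_args("example.server") ~= nil and target.ALLOW_NEW_TARGETS
end
portrule = shortport.port_or_service(161, "snmp", "udp")

-- Separate per-phase action so the prerule path does not clutter the usual one.
local function preaction()
  local server = stdnse.get_script_args("example.server")
  -- Constructed sample; a real script would query `server` over SNMP for these.
  local ifaddrs = {"127.0.0.1", server, "192.168.10.6", "192.168.10.6"}
  local adds = new_targets(ifaddrs, server)
  if #adds == 0 then return "No new targets" end
  -- Assumption: target.add returns (true, count) on success, (false, err) otherwise.
  local ok, added = target.add(table.unpack(adds))
  if not ok then return "Failed to add targets: " .. tostring(added) end
  return ("Successfully added %d new targets"):format(added)
end

local function hostaction(host, port)
  return nil  -- the script's normal per-host/port output would go here
end

action = function(host, port)
  if SCRIPT_TYPE == "prerule" then return preaction() end
  return hostaction(host, port)
end
```

Run with --script-args newtargets,example.server=<probed-host> to exercise the prerule path; without newtargets the prerule returns false and only the per-port path runs.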
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/