Re: [NSE] resolveall prerule, nmap.resolve(), nmap.address_family()

[Djalal Harouni <tixxdz () gmail com>]

On 2010-08-11 02:03:14 -0500, Kris Katterjohn wrote:
> I've attached a patch and new prerule script for adding new targets to Nmap
> (target adding functionality is still not in trunk yet, but here's this anyway
> like my snmp-interfaces changes).  The script is called resolveall and just
> takes a host as it's only argument, resolveall.host.
>
> Several months ago there was discussion on Nmap scanning all addresses for a
> given host name, which is a very bad idea for default behavior.  As far as I
> know, nothing else came of this (no options, etc), so I decided to write this.
>
> I've also added general functions to the nmap library: resolve(host,af) takes
> a name and optional address family ("inet", etc) and returns a table with all
> of the addresses; address_family() returns Nmap's o.af() value as "inet" or
> "inet6" like resolve() expects.  If resolve() is not given an address family
> then it doesn't care and returns all addresses.
>
> Other scripts could find these useful since (for example) it can't determine
> the address family any other way (at least not prerule scripts; portrule
> scripts could look in the host table to deduce this).  But right now they just
> make resolveall quite simple while still looking ahead.
>
> To test, use Djalal's nmap-add-targets branch (until it gets merged to trunk)
> with the attached patch and run resolveall with args "newtargets" and
> "resolveall.host" set to a host with multiple (or single, really) addresses,
> like google.com.   www.kame.net gives IPv4 and IPv6 addresses.
>
> Again, only one additional target gets scanned for now right but Djalal is on
> this.
Hi Kris,

I've fixed the bug, so you can go ahead and update your code to add
all the new targets (IPs or Hostnames), I've also done some changes on
the target.lua library, it's documented.
For any one hwo wants to play with this you checkout:
svn co --user=guest --password="" \
svn://svn.insecure.org/nmap-exp/djalal/nmap-add-targets

The feature will let prerule, portrule and hostrule scripts to add
targets to Nmap. Targets are IPs or hostnames and even Networks with
cidr notation or other target specification supported by Nmap, but
perhaps this will change and we should include some network filtering
features and allow only IPs and Hostnames, what do you think ?
Adding networks will make it difficult to filter and if we parse the net
block then it would consume lot of memory ...

Excluded targets and max hosts per group features are honored, and you
can count on them, so if you specify an excluded target with
--exclude nmap.org ,then even if a script will add it, it will not be
scanned. The same thing for min-hostgroup/max-hostgroup.

I'll try to do more tests, thx.

-- 
tixxdz
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/