Nmap Development mailing list archives

Output|Input pipe and forcing script run


From: Martin Holst Swende <martin () swende se>
Date: Wed, 29 Sep 2010 10:47:37 +0200

Hi,

I have been doing quite a bit of work on the rmiregistry-dumper, and am
doing some testing. To *really* test it, I want to locate rmiregistries
in the wild, and test if I can communicate with them.
Currently, I am doing this:
sudo nmap -sS -iR 10000 -p1098,1099 --open --script rmi-dumpregistry.nse -d3 -Pn > nmap_rmi_discovery.log

I want to have '-d3' in order to view all traffic and all output from the
scripts; however, the log files get pretty big, and I am only interested
in the output produced when open ports are found. What I would really
like instead is to do something like this:
sudo nmap -sS -iR 10000 -p1098,1099 --open -Pn --output-pipe | nmap --input-pipe --script rmi-dumpregistry.nse -d3 > nmap_rmi_discovery.log

That is:
* Perform one scan which only discovers open ports, and outputs them in
a format which can be read by the next process. Example output could be
tcp:15.15.15.15:1098 [open]
tcp:15.15.13.15:1099 [open]
...
* Perform another scan which listens to stdin for targets, and knows how
to parse host/ip/protocol from the first scan

Is there a simple way to achieve this that I have missed? If
not, consider the input/output options above a feature request.

Also, a while ago there was a discussion about forcing a script to be
run [1][2]. That is a feature I would really love. Is anybody working on that?
Fyodor suggested placing the patch in NSE; if that means in "lua-space",
I could implement that if given some hints on where to place it.

[1] http://seclists.org/nmap-dev/2010/q3/79
[2] http://seclists.org/nmap-dev/2010/q3/88

Regards,
Martin
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
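An added example, not part of Martin's post and not Nmap's own code: the two-stage pipeline he asks for can be approximated with options Nmap already has. Stage 1 writes grepable output to stdout with -oG - (which also suppresses the interactive output), a small filter turns it into "proto:ip:port [open]" lines in the format suggested in the post, and stage 2 reads its targets from stdin with -iL -. The grepable sample below is constructed (it deliberately includes non-open states so the filter has something to drop), and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post, not Nmap code). Emulates the
# requested "--output-pipe | --input-pipe" with options Nmap already has:
# stage 1 writes grepable output to stdout (-oG -), the filters below turn
# it into targets, stage 2 reads targets from stdin (-iL -).

# Constructed sample of stage-1 output (nmap ... -oG -). Real output
# separates fields with tabs; awk's default field splitting handles either.
SAMPLE_GREPABLE='# Nmap 5.21 scan initiated Wed Sep 29 10:47:37 2010 as: nmap -sS -p1098,1099 -Pn -oG - 15.15.15.15 15.15.13.15 15.15.14.15
Host: 15.15.15.15 ()  Status: Up
Host: 15.15.15.15 ()  Ports: 1098/open/tcp//rmiregistry///, 1099/filtered/tcp//rmiregistry///
Host: 15.15.13.15 ()  Ports: 1099/open/tcp//rmiregistry///  Ignored State: closed (1)
Host: 15.15.14.15 ()  Ports: 1098/closed/tcp//rmiregistry///, 1099/closed/tcp//rmiregistry///
# Nmap done at Wed Sep 29 10:52:01 2010 -- 3 IP addresses (3 hosts up) scanned in 264.12 seconds'

# Filter: grepable output on stdin -> one "proto:ip:port [open]" line per
# open port, the format suggested in the post. Port entries look like
# port/state/proto/owner/service/rpcinfo/version/ and are separated by ", ".
open_ports() {
  awk '
    /^Host: / && /Ports: / {
      ip = $2
      sub(/.*Ports: /, "")
      n = split($0, entry, /, /)
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")
        if (f[2] == "open") printf "%s:%s:%s [open]\n", f[3], ip, f[1]
      }
    }'
}

# Stage-2 target list: -iL accepts hosts only, one per line, so the per-host
# port association is lost here (IPv4 assumed: the line is split on ":").
targets() {
  awk -F: '{ print $2 }' | sort -u
}

# Union of open ports in -p syntax, so stage 2 scans all of them on every target.
ports() {
  awk '{ split($1, f, ":"); print f[3] }' | sort -un | paste -sd, -
}

# Demo on the constructed sample: prints the two open ports only.
printf '%s\n' "$SAMPLE_GREPABLE" | open_ports

# The real two-stage run (root needed for -sS; not executed here):
#   sudo nmap -sS -iR 10000 -p1098,1099 --open -Pn -oG - | open_ports > open.txt
#   targets < open.txt | sudo nmap -sS -Pn -p"$(ports < open.txt)" \
#       --script rmi-dumpregistry.nse -d3 -iL - > nmap_rmi_discovery.log
```

The caveat a practitioner should keep in mind: -iL carries hosts, not host/port pairs, so stage 2 scans the union of the open ports found in stage 1 against every target. With only 1098 and 1099 in play that costs at most one extra probe per host; with a wide port list the second scan would need to be split per port group.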

