Nmap Development mailing list archives

Re: Output|Input pipe and forcing script run


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 01 Oct 2010 16:10:49 -0500

You got me. I meant pipelining, rather than parallelization. I'd get bored if I had to wait for the entire 10000 hosts to be scanned before I started getting results. Good job on the true parallelizing! I'm assuming you did something like:

for i in {0..10}; do (
  gfile=open-$i.gnmap
  # discovery scan: 1000 random hosts, keep only open 1098/1099, grepable output
  sudo nmap -sS -iR 1000 -p1098,1099 --open -Pn -oG "$gfile"
  # rewrite the .gnmap in place into a bare list of IPs with an open port
  perl -i -lane 'next if /^#/; print $F[1] if $F[4] =~ /open/' "$gfile"
  # script scan of just those hosts; each background job logs to its own file
  sudo nmap -iL "$gfile" --script rmi-dumpregistry.nse -d3 >> "nmap_rmi_discovery.log.$i"
  ) &
done

I'm glad you're using bash. When I first read the email, I started thinking of how I could do it in Windows CMD.EXE, and that just made my head hurt.

Dan


On 09/30/2010 04:39 PM, Martin Holst Swende wrote:
Thank you!

You missed a bit with the parallelisation (it's still sequential, or
maybe I am totally lost), but I sorted that out with some of my mad
bash-fu skills. (The three commands need to be run in sequence, but
*that* can be parallelized with '&')

Regards,
Martin

On 09/29/2010 09:34 PM, Daniel Miller wrote:
Martin,

Here's an example of a short shell script that could do that for you,
more or less.

for gfile in open-{0..10}.gnmap; do
   sudo nmap -sS -iR 1000 -p1098,1099 --open -Pn -oG "$gfile"
   perl -i -lane 'next if /^#/; print $F[1] if $F[4] =~ /open/' "$gfile"
   sudo nmap -iL "$gfile" --script rmi-dumpregistry.nse -d3 >> nmap_rmi_discovery.log
done

I split the scan into 10 parts so that you get some parallelization.
To do it all at once is similar:

sudo nmap -sS -iR 1000 -p1098,1099 --open -Pn -oG open.gnmap
perl -i -lane 'next if /^#/; print $F[1] if $F[4] =~ /open/' open.gnmap
sudo nmap -iL open.gnmap --script rmi-dumpregistry.nse -d3 >> nmap_rmi_discovery.log

Hope that helps!

Dan


On 09/29/2010 03:47 AM, Martin Holst Swende wrote:
Hi,

I have been doing quite a bit of work on the rmiregistry-dumper, and am
doing some testing. To *really* test it, I want to locate rmiregistries
in the wild, and test if I can communicate with them.
Currently, I am doing this:
sudo nmap -sS -iR 10000 -p1098,1099 --open --script rmi-dumpregistry.nse -d3 -Pn > nmap_rmi_discovery.log

I want to have 'd3' in order to view all traffic and all output from the
scripts, however, the logfiles get pretty big, and I am only interested
in the output produced when open ports are found. What I would really
like instead is to do something like this:
sudo nmap -sS -iR 10000 -p1098,1099 --open -Pn --output-pipe | nmap --input-pipe --script rmi-dumpregistry.nse -d3 > nmap_rmi_discovery.log

That is:
* Perform one scan which only discovers open ports, and outputs them in
a format which can be read by the next process. Example output could be
tcp:15.15.15.15:1098 [open]
tcp:15.15.13.15:1099 [open]
...
* Perform another scan which listens to stdin for targets, and knows how
to parse host/ip/protocol from the first scan

Is there a simple way by which I can achieve this that I have missed? If
not, consider the input/output options above a feature-request.

Also, a while ago there was a discussion about forcing a script to be
run. That is a feature I would really love. Is anybody working on that?
Fyodor suggested placing the patch in NSE, if that means in "lua-space"
I could implement that if given some hints on where to place it.

[1] http://seclists.org/nmap-dev/2010/q3/79
[2] http://seclists.org/nmap-dev/2010/q3/88

Regards,
Martin
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
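
The stdout-to-stdin chaining Martin asks for, together with the gnmap field extraction from Dan's perl one-liner, as an added example that is not part of this thread: a POSIX sh filter that parses Nmap grepable (-oG) output into the `tcp:ip:port [open]` lines Martin sketched, plus a streaming host list for `-iL -`. The sample gnmap text is constructed, the function names are my own, and only `-oG -` and `-iL -` are real Nmap options.

```shell
#!/bin/sh
# Constructed sample of Nmap grepable (-oG) output, not real scan data.
# Real output separates the Host/Ports/Ignored State fields with tabs;
# the parser below accepts tabs or spaces.
SAMPLE_GNMAP='# Nmap 5.21 scan initiated Wed Sep 29 09:00:00 2010 as: nmap -sS -p1098,1099 --open -Pn -oG - 10.0.0.0/30
Host: 10.0.0.1 () Ports: 1098/open/tcp//java-rmi///, 1099/closed/tcp//rmiregistry/// Ignored State: filtered (0)
Host: 10.0.0.2 (rmi.example.test) Ports: 1098/filtered/tcp//java-rmi///, 1099/open/tcp//rmiregistry///
Host: 10.0.0.3 () Ports: 1098/closed/tcp//java-rmi///, 1099/closed/tcp//rmiregistry///
# Nmap done at Wed Sep 29 09:00:05 2010 -- 4 IP addresses (3 hosts up) scanned in 5.00 seconds'

# Emit one "proto:ip:port [open]" line per open port (the format Martin sketched).
gnmap_open_targets() {
  awk '
    /^#/ { next }                                  # header/footer comment lines
    /Ports:/ {
      ip = $2                                      # "Host: <ip> (<name>)"
      s = $0
      sub(/.*Ports: /, "", s)                      # keep only the port list
      sub(/[ \t]+Ignored State:.*/, "", s)         # drop the trailing summary field
      n = split(s, p, /, /)
      for (i = 1; i <= n; i++) {
        split(p[i], f, "/")                        # port/state/proto/owner/service/...
        if (f[2] == "open") printf "%s:%s:%s [open]\n", f[3], ip, f[1]
      }
    }'
}

# Reduce the target lines to a unique host list for "nmap -iL -". awk dedups
# as lines arrive (unlike sort -u), so the second scan can start before the
# first one finishes, which is the pipelining Dan was after.
gnmap_open_hosts() {
  gnmap_open_targets | cut -d: -f2 | awk '!seen[$0]++'
}

# The pipe Martin asked for, using real Nmap options: "-oG -" writes grepable
# output to stdout and "-iL -" reads targets from stdin, so no temp file is needed:
#   sudo nmap <discovery options> -oG - | gnmap_open_hosts | sudo nmap -iL - --script rmi-dumpregistry.nse -d3
printf '%s\n' "$SAMPLE_GNMAP" | gnmap_open_targets
```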