Nmap Development mailing list archives
set_port_state fails to introduce new ports
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Fri, 31 Dec 2010 12:45:07 +0200
I had some problems using set_port_state, so I wrote a minimal script to reproduce the problem. The attached script set666.nse sets udp port 666 to state "open" for all hosts. Try running it on a machine where port 666 is closed. I'd use

    nmap -p 80 -sU --script set666.nse 127.0.0.1

The results should show open port 666, but they do not.

This behavior prevents NSE scripts from reporting new scan results they come across while executing scripts. There are lots of discovery services that can be probed to get exact IP/port combinations to use as scan targets. The appropriate behavior to make use of such information would include a combination of a prerule and a hostrule. In such a setup the prerule would probe the discovery service, adding the IPs to scan targets and recording the corresponding ports to the registry. The host rule would get the port from the registry, scan it, and set the correct state using set_port_state. Any further analysis could be done using a portrule, since the host rule would have set the port state to "open".

Fixing set_port_state to support ports outside the original specification would not only fix the problems with using discovery services, but also have other uses where the exact host/port combination is known. Such cases include crawling a network. With some protocols one can use a portrule script to get the target's connection table. This makes it possible to add other connected nodes into targets, but most of the time the connection table also reveals a working target port. Being able to have nmap scan that port is golden, as the port is probably open and running the service we are currently interested in.

Fixing set_port_state is a good start towards writing service discovery and crawling scripts, but there might be other ways to make writing such scripts even more convenient. Some of them might be even more efficient, or more convenient to implement. What do you think?

--Toni
Attachment: set666.nse
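
The prerule/hostrule handoff the message describes, as an added sketch that is not the set666.nse attachment or any other code from the thread. The `query_discovery_service` helper, the `discovered_ports` registry key and the 192.0.2.x endpoints are hypothetical and constructed, and a TCP connect stands in for the "scan it" step. The final `nmap.set_port_state` call is the step the message reports as having no effect when the port was not in the original scan specification.

```lua
-- Added illustration of the prerule + hostrule design; not set666.nse.
local nmap = require "nmap"
local target = require "target"

description = [[Hands discovered ports from a prerule to a hostrule via nmap.registry.]]
categories = {"discovery"}

-- Hypothetical stand-in for probing a discovery service.
-- The endpoints are constructed sample data (documentation address range).
local function query_discovery_service()
  return {
    { ip = "192.0.2.10", number = 8080, protocol = "tcp" },
    { ip = "192.0.2.11", number = 9090, protocol = "tcp" },
  }
end

prerule = function() return true end

-- Run the host phase only for hosts the prerule recorded a port for.
hostrule = function(host)
  local found = nmap.registry.discovered_ports
  return found ~= nil and found[host.ip] ~= nil
end

local function preaction()
  nmap.registry.discovered_ports = nmap.registry.discovered_ports or {}
  for _, ep in ipairs(query_discovery_service()) do
    -- Record the port so the hostrule can find it later.
    nmap.registry.discovered_ports[ep.ip] = { number = ep.number, protocol = ep.protocol }
    -- New targets are only accepted when run with --script-args newtargets.
    if target.ALLOW_NEW_TARGETS then target.add(ep.ip) end
  end
end

local function hostaction(host)
  local port = nmap.registry.discovered_ports[host.ip]
  local sock = nmap.new_socket()
  sock:set_timeout(3000)
  local ok = sock:connect(host.ip, port.number, port.protocol)
  sock:close()
  if not ok then return nil end
  -- The step under discussion: report a port outside the scan specification.
  nmap.set_port_state(host, port, "open")
  return ("%d/%s accepted a connection"):format(port.number, port.protocol)
end

-- One script, two phases: dispatch on the rule that triggered the action.
local actions = { prerule = preaction, hostrule = hostaction }
action = function(...) return actions[SCRIPT_TYPE](...) end
```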