Nmap Development mailing list archives

Re: [NSE] hostmap.nse, hostnames discovery


From: David Fifield <david () bamsoftware com>
Date: Fri, 15 Oct 2010 20:07:44 -0700

On Sun, Oct 03, 2010 at 05:05:51PM +0200, Gutek wrote:
> On 15/09/2010 22:54, Gutek wrote:
>> Further development:
>> o Besides hostmap.nse creating a target-list file if such an argument is
>> provided, I'm very interested in the new "target-add" feature. I think
>> it will also be invoked via an arg. I will keep the file creation
>> because its first goal is to be usable with other security tools like,
>> say, a web vulnerability scanner.
>
> This update adds the target-add feature. Every target found is added to
> the scan queue, which is very interesting if the script is called along
> with other web-oriented scripts. For example the primary target may look
> safe, but another co-hosted vhost could show a flaw which could lead to
> compromise of the whole server.

I have added the script, with lots of changes.

> This script is also now a prerule script. This gives the ability to
> gather information passively without having to actually scan the
> target (the user just has to omit the newtargets argument).

I think this makes it much less useful. I changed it back to hostrule.
You can do it easily without scanning the target:

        nmap -Pn -sn --script=hostmap <targets...>

I changed the hostmap.file script argument to hostmap.prefix, which
controls a filename prefix. Like this:

        nmap -Pn -sn --script=hostmap --script-args hostmap.prefix=hostmap- nmap.org microsoft.com

It will write to the files hostmap-nmap.org and hostmap-microsoft.com.

I also changed it from "safe" to "intrusive", just because I still don't
want to be too hard on the database server. With newtargets, a lot of
redundant queries are generated: Suppose an IP address has 20 entries.
When each of those is added to the scan queue, the same query will be
made 19 more times.

Thanks for this script!

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
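
The redundant-query effect described in the message above (one IP address with 20 entries, each re-queried once it joins the scan queue) can be reproduced with a small simulation. This is an added example, not code from hostmap.nse or from the Nmap project; it is plain Lua with no Nmap APIs, and the database stand-in, the sample IP address, the hostnames and the per-IP cache are all constructed or hypothetical.

```lua
-- Added illustration; not code from hostmap.nse. Plain Lua, no Nmap APIs.
-- Constructed sample data: one IP (documentation range) hosting 20 vhosts.
local SAMPLE_IP = "192.0.2.10"
local vhosts = {}
for i = 1, 20 do vhosts[i] = ("vhost%02d.example"):format(i) end

-- Hypothetical stand-in for the remote hostname database; counts every query.
local function make_db()
  local db = { queries = 0 }
  function db.lookup(ip)
    db.queries = db.queries + 1
    return ip == SAMPLE_IP and vhosts or {}
  end
  return db
end

-- Simulates a hostrule script run with newtargets: each target in the queue
-- triggers a lookup by IP, and every hostname returned is queued in turn.
-- With use_cache set, lookup results are remembered per IP for the whole run.
local function run_scan(first_target, use_cache)
  local db, cache = make_db(), {}
  local queue, queued = { first_target }, { [first_target] = true }
  local i = 1
  while i <= #queue do
    local ip = SAMPLE_IP  -- assumption: every name here resolves to the same IP
    local names = use_cache and cache[ip]
    if not names then
      names = db.lookup(ip)
      cache[ip] = names
    end
    for _, name in ipairs(names) do
      if not queued[name] then  -- never queue the same hostname twice
        queued[name] = true
        queue[#queue + 1] = name
      end
    end
    i = i + 1
  end
  return db.queries, #queue
end

local q_plain, n_plain = run_scan(vhosts[1], false)
local q_cached, n_cached = run_scan(vhosts[1], true)
print(("no cache:     %d targets, %d database queries"):format(n_plain, q_plain))
print(("per-IP cache: %d targets, %d database queries"):format(n_cached, q_cached))
```

Inside a real NSE script, a cache like this would have to live in storage shared across host instances, such as `nmap.registry`, rather than in a local table.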
