Re: [NSE] Draft - targets-sniffer.nse

[Nick Nikolaou <nikolasnikolaou1 () gmail com>]

> On 22 March 2011 23:32, Djalal Harouni <tixxdz () opendz org> wrote:
> In your script I see that you have a check for duplicates new targets,
> you can drop it. Nmap internals already do this check, and if you want
> to see it just use -d3.


Hey Djalal, I suspected that but forgot to confirm it. Thanks.

You can do this: target.add(unpack(array_of_targets))


Thanks, made the changes.

Please use the second version of the patch [1] and let us know if there
> are any bugs, and with that patch you can choose the network interface
> to use:
> * For prerule scripts: Nmap -e or -S options.
> * For hostrule/portrule: just use the host table (host.interface).


> e.g: ./nmap -sL --script targets-sniffer.nse --script-args=newtargets -e
> eth0


I just applied the patch. I 'll report back once I get some spare time to
make the changes to the script.

Nick

On 22 March 2011 23:32, Djalal Harouni <tixxdz () opendz org> wrote:

> On 2011-03-22 11:56:19 -0700, David Fifield wrote:
> > On Tue, Mar 22, 2011 at 06:44:03PM +0000, Nick Nikolaou wrote:
> > > Hello everyone,
> > >
> > > Attached is a draft of a targets-sniffer script. The script sniffs for
> a
> > > configured amount of a time and adds addresses from packets it sees in
> > > newtargets. (https://secwiki.org/w/Nmap_Script_Ideas#targets-sniffer)
> In your script I see that you have a check for duplicates new targets,
> you can drop it. Nmap internals already do this check, and if you want
> to see it just use -d3.
>
> You can do this: target.add(unpack(array_of_targets))
>
> > > *Issues that need to be resolved:*
> > >
> > > 1) The sniffing interface is hard-coded at the moment. Is there a way
> to get
> > > the active interface in a prerule script? Alternatively I could change
> the
> > > rule to a hostrule. (and maybe a high enough runlevel to ensure the
> script
> > > runs first?)
> >
> > We don't have a way for scripts to get the list of interfaces, but
> > Djalal has a patch to do it: http://seclists.org/nmap-dev/2011/q1/291.
> > It hasn't been added yet because there isn't a script to use it, but you
> > can make it a part of your patch if it helps.
> Please use the second version of the patch [1] and let us know if there
> are any bugs, and with that patch you can choose the network interface
> to use:
> * For prerule scripts: Nmap -e or -S options.
> * For hostrule/portrule: just use the host table (host.interface).
>
> e.g: ./nmap -sL --script targets-sniffer.nse --script-args=newtargets -e
> eth0
>
> You can also check the type of the interface to report errors ... etc
>
>
> David just a note:
> The get_interface_info() function of the network interfaces patch should
> replace the nmap.get_interface_link() function.
>
> [1] http://seclists.org/nmap-dev/2011/q1/734
>
> --
> tixxdz
> http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/