Nmap Development mailing list archives
Nmap/Metasploit Integration
From: Fyodor <fyodor () insecure org>
Date: Tue, 15 Mar 2011 16:59:51 -0700
Hi Folks. This message just popped up on the Metasploit blog:

http://blog.metasploit.com/2011/03/nmap-in-my-metasploit-its-more-likely.html

It basically says that they are impressed by NSE and have added an auxiliary module for better Nmap integration. Their first module to use this integration is oracle_login, which calls Nmap with the oracle_brute (http://nmap.org/nsedoc/scripts/oracle-brute.html) script and then parses the results.

I grabbed the latest oracle_login.rb from their svn repository and it doesn't look like they give Nmap or oracle_brute author Patrik Karlsson any credit in the script description, etc. I'll bug them about that :). OpenVAS does a much better job at at least crediting Nmap when they use our scripts.

Hopefully this integration leads to Metasploit contributors seeing the value of writing new scripts upstream in Nmap so that they can be used by both products. If they only make use of our existing scripts, that doesn't really help the Nmap project (though it could still help our many shared users).

Anyway, it is an interesting development. Here is the text of their blog post:

Nmap? In my Metasploit? It's more likely than you'd think!

If you've been paying any attention to the open source security software space, you've probably noticed that one of our favorite tools, nmap, ships with a pretty serious scripting engine. NSE allows users to run scripted interactions on discovered services, and lately, the repository of those scripts has exploded. As of the 5.50 release of nmap, there are 177 scripts and 54 supporting libraries, covering all sorts of protocols you're likely to run into during a pen-test engagement.

In order to capitalize on this work, I put together a Metasploit mixin to make development of Metasploit-driven NSE scripts pretty easy and straightforward, as well as an example Metasploit module to test for default Oracle database credentials. You can get a hold of these with a checkout from the svn repository:

    svn co https://metasploit.com/svn/framework3/trunk msf3

Modules that include Msf::Auxiliary::Nmap will now have a few handy methods available to them; most notably, the nmap_run() and nmap_hosts() methods. The first gets a hold of the locally-installed nmap binary and module-defined arguments, and runs the proscribed nmap scan and scripts configured by the module in a consistent, platform-independent way. Nmap_hosts() takes the XML log file produced by nmap_run(), parses out all the host nodes, and passes those back to the module to deal with as it will -- modules can format and display results on the console, log to the database, or perform more follow-on actions.

I'm really excited about the practical collaboration opportunities this integration creates between the nmap and Metasploit communities. If someone writes a wicked fast NSE script for doing interesting things on the network via nmap, Metasploit users can now pretty easily take advantage of the research. Metasploit has supported importing Nmap scan results for a while now, but this mechanism is more direct, more real-time, and can be more specialized to take advantage of specific NSE scripts.

Generated by todb at 3:02:00 PM. Tuesday, March 15, 2011

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
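The host-node parsing that the quoted blog post attributes to nmap_hosts(), sketched as an added example that is not part of the original message and is not Metasploit's code. It uses Ruby's REXML on a constructed Nmap XML sample; parse_nmap_hosts is a hypothetical helper name, and the addresses and script output are placeholders.

```ruby
require 'rexml/document'

# Constructed sample in the shape of Nmap's XML output; not real scan data.
SAMPLE_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun scanner="nmap">
    <host>
      <status state="up"/>
      <address addr="192.0.2.10" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="1521">
          <state state="open"/>
          <service name="oracle-tns"/>
          <script id="oracle-brute" output="(constructed script output)"/>
        </port>
        <port protocol="tcp" portid="22"><state state="closed"/></port>
      </ports>
    </host>
    <host>
      <status state="down"/>
      <address addr="192.0.2.11" addrtype="ipv4"/>
    </host>
  </nmaprun>
XML

# Hypothetical helper (assumption, not the Msf::Auxiliary::Nmap API):
# returns one Hash per host that is up, with its open ports and NSE output.
def parse_nmap_hosts(xml)
  hosts = []
  REXML::Document.new(xml).elements.each('nmaprun/host') do |host|
    status = host.elements['status']
    next unless status && status.attributes['state'] == 'up'
    addr = host.elements["address[@addrtype='ipv4']"]
    ports = []
    host.elements.each('ports/port') do |port|
      state = port.elements['state']
      next unless state && state.attributes['state'] == 'open'
      scripts = {}
      port.elements.each('script') { |s| scripts[s.attributes['id']] = s.attributes['output'] }
      service = port.elements['service']
      ports << { port: port.attributes['portid'].to_i, proto: port.attributes['protocol'],
                 service: service && service.attributes['name'], scripts: scripts }
    end
    hosts << { addr: addr && addr.attributes['addr'], ports: ports }
  end
  hosts
end

parse_nmap_hosts(SAMPLE_XML).each { |h| puts "#{h[:addr]}: #{h[:ports].map { |pt| pt[:port] }.join(', ')}" }
```

A caller can then format the returned hashes for the console or store them, which is the hand-off the post describes.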