Re: Ideas for nmap development

[Toni Ruottu <toni.ruottu () iki fi>]

Maybe someone who uses nmap and metasploit together could tell what
the biggest problems in that combination are. What would be the best
way to make that workflow more efficient? Should nmap print metasploit
commands that the user could just cut and paste to the console? I do
not believe that nmap can beat metasploit in this area, but maybe
interoperability can be improved.

The problem is that exploits may enable one to do all kinds of things
to a vulnerable system. It is not clear you want to do all of those
things. For example some versions of NetBus let you bypass
authentication. The netbus-auth-bypass script detects this and reports
it to the user. We also make use of the vulnerability in netbus-info,
as it is important for the admin to see what kind of information the
service leaks through. However we do not use auth bypass to perform
any operations on the vulnerable system.

The reason why we do not perform operations on systems is that nmap
does not have a way for defining operations. We'd first need a way of
telling nmap: change password of all discovered systems to "kallisti".
Then we could write setpwd-scripts to automate the task for different
protocols. This might not be a bad idea, but the tasks to perform
should not require interaction. Thus metasploit would still remain the
way to go for more complex tasks.

On Sun, Apr 3, 2011 at 9:21 PM, Manik Jindal <manikjindal () gmail com> wrote:
> Hello,
>
> I am a student of IITH pursuing B.Tech (2nd yr., CSE).
> I got the following ideas:
>
> 1. *Detect vulnerabilities and attack*
>   nmap can detect applications along with their versions, binded with
> ports.
>   If it also tells about the possible attacks, it will be a more better
> tool.
>   Attacking option can also be embeded, which requires only a script for
> each attck.
>
>   *How to implement*
> **
>
>   1. Query CVE database with application name and version, which tells
>   almost all the possible vulnerabilities.
>   2. List all of them.
>   3. Ask for an attack.
>   4. Choose script(if already present in nmap-attack database, may
>   available on nmap server or local machine) or asks for script file.
>   5. Attack, by running script.
>
>   *Script content*
>
>   1. On which port to attack
>   2. What packets to be send
>   3. Type of packets
>   4. If any communication requires, it will also be explained in it.
>   5. If an attack requires some information from user, it can ask.
>
>
>   *Requirements to run script:*
>   A script engine.
>   Engine can either be NSE (if possible) or a new script engine.
>
> 2. *nmap for Mobile platforms*
>
>   In todays life mobiles have a special character. It will be better to
> have nmap for mobiles.
>   It will give portability to nmap users.
>
>   Users can scan networks during travelling, and even at those places where
> laptops are not handy to use. And it will be useful at public places where
> obviously an hacker do not want to show results to any one.
>
>   Its better to develop nmap for Android platform, coz of market
> statistics.
>
> Hope you like my ideas.
>
> Thank You.
>
> --
> Manik Jindal
> CSE 2nd Year,
> IIT Hyderabad.
> +91 94933 29820
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/