Nmap Development mailing list archives

nmaprc.lua?


From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Sun, 12 May 2013 19:29:06 +0200

Hi,

While reading Fyodor's book „Nmap Network Discovery”, it struck me 
how much Nmap turns on by default when I just type in „nmap 
example.org”. There are host discovery defaults, reverse scanning 
features, determining scan type based on whether the user is root or 
not... I have to admit I didn't know of most of the nmap features prior 
to reading the book. 

Now that I know them, I thought it over and figured that some of the 
nmap users could prefer to alter the defaults, so that a bare nmap 
command with just the host specification and no additional switches 
would, for example, keep scanning the top 10 ports instead of 
1000 of them, or disable the default reverse DNS queries. I can imagine 
quite a few use cases for this feature.

While using Zenmap, I had the feeling that the „profiles” feature fits 
nicely into the CLI nmap binary. With nmaprc.lua you could define an 
associative array called „profiles” which would contain the presets. 
This way, without typing a command several lines long, one could run 
„nmap --profile=stealthy example.org”.

Of course, while implementing this feature, it is important to 
remember security. Since quite a lot of folks run nmap from the 
root account, as bonsaiviking pointed out on IRC, nmaprc.lua 
has to be implemented in a way that prevents arbitrary command 
execution. It might be a good idea to ignore the file altogether if anybody 
but its owner can write to it.

Using Lua for this project would make this feature open for interesting 
use cases – for example, somebody could with hardly any effort make 
his nmap warn him about scanning the company's internal network 
during working hours and automatically switch to a „light-traffic” 
profile. I believe this could be an interesting project.

What do you think of this feature?

Yours,
d33tah
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/