Nmap Development mailing list archives
using previously discovered hosts, ports, and services?
From: Royce Williams <royce () techsolvency com>
Date: Tue, 29 Apr 2014 22:09:13 -0800
What is the simplest way to use existing lists of IP:port sets for use with multiple separate runs of service discovery, or recycling existing IP:port:service sets for use with multiple script runs?

Ideally, it would be great to be able to pass a 'grepable'-style host/port file straight to -iL, and have nmap DWIM, skip discovery, and go straight to service detection. If services were also supplied, nmap could go straight to running requested scripts.

Details and use cases follow. I would like to do something like the following:

1. Run a simple host and port discovery, saving the results.
2. Feed discovery results from #1 into various levels of service detection until I find the combination that I need, then run that service detection against the entire corpus. Save the results.
3. Feed service detection results from #2 into various scripts as needed.

I know that I can feed a list of discovered IPs to nmap, which would accomplish part of the goal, but I don't think that I can also pass a list of which specific ports were discovered for each IP, as in:

192.0.2.1:80
192.0.2.1:443
192.0.2.2:389
192.0.2.4:5900
... etc.

I've also read up on '--resume', but it sounds like it would not provide the granular control that I'm looking for. It won't let me decide to use a different script, or easily combine sets of discovered hosts and ports, or easily repurpose existing discovery data.

I would also like to be able to combine multiple host/port sets, including "pre-discovered" data from non-nmap sources, into a single corpus. This would also be great to "prime the pump" for service detection by using output from a previous run. Nmap could quickly verify existing hosts, ports and services, and fall back to the general discovery and detection routines if there's a mismatch. (Could this improve performance for re-scanning existing networks?)

If there's no direct support for reusing discovery, is it possible to construct an artificial log file (for use with --resume) that accomplishes the same result? (The 'grepable' format looks simplest, and I could write a script that would convert other data into grepable format.) Or could I do an ordinary host/port/service run, save the logfile off, and then modify the logfile to let me "resume" at the point that a script would have started?

If there is already a way to do this, please let me know which search terms would have turned it up. Otherwise, please consider this a feature request. :-)

Royce
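One way to get the per-host port reuse described above with today's nmap, as an added example that is not part of the original post or of the Nmap project: a short Python script that parses the grepable (-oG) output of a discovery run (or bare IP:port lines like those in the post), groups hosts that share an identical set of open TCP ports, and emits one service-detection command per group, so every host is probed only on the ports already found. The grepable sample is constructed; -sV, -Pn, -n and -p are real nmap options, and the parser assumes discovery-only input (no -sV version strings, which may contain commas).

```python
import re
from collections import defaultdict

# Constructed sample of nmap -oG output from a port-discovery run (no -sV).
SAMPLE_GREPABLE = """\
# Nmap 6.40 scan initiated Tue Apr 29 21:00:00 2014 as: nmap -sS -oG disc.gnmap 192.0.2.0/29
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 22/filtered/tcp//ssh///\tIgnored State: closed (997)
Host: 192.0.2.2 ()\tStatus: Up
Host: 192.0.2.2 ()\tPorts: 389/open/tcp//ldap///\tIgnored State: closed (999)
Host: 192.0.2.3 ()\tStatus: Up
Host: 192.0.2.3 ()\tPorts: 443/open/tcp//https///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.0.2.4 ()\tStatus: Up
Host: 192.0.2.4 ()\tPorts: 5900/open/tcp//vnc///\tIgnored State: closed (999)
# Nmap done at Tue Apr 29 21:00:05 2014 -- 8 IP addresses (4 hosts up) scanned in 5.12 seconds
"""

IP_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")

def parse_targets(text):
    """Return {ip: set(open TCP ports)} from -oG 'Host:' lines and/or bare ip:port lines."""
    targets = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        m = IP_PORT.match(line)
        if m:                                   # post's own "ip:port" format
            targets[m.group(1)].add(int(m.group(2)))
            continue
        if not line.startswith("Host:"):        # skip comments and blank lines
            continue
        fields = line.split("\t")               # grepable fields are tab-separated
        ip = fields[0].split()[1]               # "Host: 192.0.2.1 ()" -> "192.0.2.1"
        for field in fields[1:]:
            if not field.startswith("Ports:"):  # "Status: Up" lines carry no ports
                continue
            # each entry: port/state/protocol/owner/service/rpcinfo/version/
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                    targets[ip].add(int(parts[0]))
    return dict(targets)

def group_by_ports(targets):
    """Hosts with an identical open-port set can share one -p specification."""
    groups = defaultdict(list)
    for ip, ports in targets.items():
        if ports:
            groups[tuple(sorted(ports))].append(ip)
    return {ports: sorted(ips) for ports, ips in groups.items()}

def build_commands(targets, scan_args="-sV"):
    """One nmap command per port set; -Pn/-n skip host discovery and DNS already done."""
    cmds = []
    for ports, ips in sorted(group_by_ports(targets).items()):
        port_spec = ",".join(str(p) for p in ports)
        cmds.append(f"nmap -n -Pn {scan_args} -p {port_spec} {' '.join(ips)}")
    return cmds
```

Swapping scan_args for something like "--script <name>" reuses the same host/port sets for the script-run step the post describes.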