Nmap Development mailing list archives

Re: script syntax in nmap


From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 27 Nov 2014 15:41:49 -0600

On Thu, Nov 27, 2014 at 11:56 AM, Mike . <dmciscobgp () hotmail com> wrote:

> hello all
>
> maybe i am asking a dumb question here, i do apologize. i assumed when one
> used a script call on its own like this :   nmap -n -Pn -vv -T4
> -max-retries 1 -reason -script=dns-service-discovery 192.168.0.12 it would
> then know AUTOMATICALLY to fill in the proper port and protocol so we
> wouldn't have to. instead of me adding the 5353/udp, i just thought it
> would realize the user wants to fire off an EXACT script at a target and we
> would obviously be after the port/ports it affected. am i reading this
> wrong?


Mike,

This is a little different than how NSE scripts actually work. Scripts have
an internal "rule" function that can choose which ports to run against. In
this case, it's very simple:

 local shortport = require "shortport"
 portrule = shortport.portnumber(5353, "udp")

But in other cases, it can be very complex. It is impossible to statically
determine which ports will "match" a particular script rule. Instead, you
must specify which ports and protocols to scan, in conjunction with
specifying the scripts. Even then, the script may not run if you choose a
combination that doesn't make sense: -p 80 --script dns-service-discovery
for instance.

You can *force* a script to run against any port Nmap finds open by
prepending a + to the script's name. Then this: -p 80 --script
+dns-service-discovery will run the script even against web servers. This
is very rarely useful.

Usually, if you are having trouble getting a script to run against a
particular port (and the port is not named explicitly in the script),
adding -sV will let Nmap discover the service name, which opens up a lot
more scripts to execution. This is the case when you want to run
ssl-enum-ciphers on services running SSL on odd ports like 4444/tcp, for
example.

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
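To make the three points in Dan's reply concrete (the rule decides the ports, the rule can depend on information only -sV provides, and a + prefix bypasses the rule entirely), here is a minimal NSE script written as an added example for this archive page. It is not dns-service-discovery.nse or any other file shipped with Nmap; the script name portrule-demo.nse and the author string are placeholders. It assumes only the standard NSE libraries shortport and stdnse.

```lua
-- Added example (not part of Nmap): a minimal NSE script showing how a
-- portrule decides where a script runs. Hypothetical file name: portrule-demo.nse
-- Typical invocation (the rule only ever sees ports you asked Nmap to scan):
--   nmap -sU -sV -p 5353 --script ./portrule-demo.nse <host>
-- Prefixing the name (--script +./portrule-demo.nse) skips portrule and runs
-- the action against every open port instead.
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Demonstrates NSE port selection. The rule matches 5353/udp by port number,
or any UDP port whose service name was identified as "mdns" (which requires
-sV; without version detection the name is only the nmap-services guess).
]]

author = "example author (placeholder)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- This is what shortport.port_or_service(5353, "mdns", "udp") does, written
-- out by hand so the inputs Nmap consults are visible: protocol, state,
-- port number and the service name attached to the port object.
portrule = function(host, port)
  if port.protocol ~= "udp" then
    return false
  end
  -- UDP ports that never answer are reported as open|filtered; accept both.
  if port.state ~= "open" and port.state ~= "open|filtered" then
    return false
  end
  return port.number == 5353 or port.service == "mdns"
end

-- The action only reports *why* the rule fired, which is the useful thing to
-- see when debugging "my script did not run" on an odd port.
action = function(host, port)
  local out = stdnse.output_table()
  if port.number == 5353 then
    out.matched_by = "port number"
  else
    out.matched_by = "service name (needs -sV)"
  end
  out.service = port.service or "unknown"
  out.state = port.state
  return out
end
```

Running it against the same host with and without -sV, and with -p 5353 versus another port, shows each of Dan's cases: on 5353/udp it always fires, on a non-standard UDP port it fires only after version detection labels the service mdns, and with -p 80 it does not fire at all unless the + prefix is used.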
