Nmap Development mailing list archives
Re: Passive nmap scanning via ShodanHQ
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 8 Mar 2016 13:46:45 -0600
Glenn,

Thanks for doing this! It's an awesome script that further illustrates the ability to get open-port information from non-traditional sources.

I have a few feedback items that would be blockers to including it in Nmap. Sorry if this gets a little long, but these are issues that I think will improve the quality of your script.

1. Be sure to run the check script or use our git commit hooks to check for variables not declared local and other issues: https://secwiki.org/w/Nmap/Code_Standards#Tools_to_help

2. Please document why you are requiring openssl, since that will cause the script to fail if the user doesn't have it compiled in. I'm guessing this is because the Shodan API is HTTPS-only, so the script will fail otherwise.

3. You can keep the README references to hard-coding the API key, but the NSEdoc shouldn't mention that. We have the --script-args-file option for stuff like this.

4. Please include at least one reference link in the description that tells how to obtain an API key.

5. Have you tested the outfile capability? Scripts can be re-run in multiple phases, so doing actual file operations in file scope could obliterate someone's results. Put those operations into the action function. If it needs to run just once at the beginning, run it in the pre-scanning phase. See ssh-hostkey and snmp-interfaces for example scripts that take different actions dependent on the SCRIPT_TYPE global variable.

6. The prerule and postrule functions should be used only to determine whether the action should be run in that phase. The way you are using them (without a return statement), they will always return "nil", so the action is not run. But they should not be "doing" anything other than checking conditions and perhaps printing an error in verbose mode.

7. Please use stdnse.verbose and stdnse.debug and their related functions for output instead of print. https://nmap.org/nsedoc/lib/stdnse.html#debug

8. When using the registry, please use the script name (available as the global SCRIPT_NAME) as a key to avoid collisions with other scripts. "count" is a very generic name.

9. Use strbuf objects instead of strings if you plan to do repeated concatenation for string building. This avoids the classic performance trap of excessive reallocation. https://nmap.org/nsedoc/lib/strbuf.html

10. Use tab.lua for tabular data instead of simply tab-separated. This gives a better appearance when some fields are longer than others. https://nmap.org/nsedoc/lib/tab.html

11. Please return structured data so that it is more easily extracted from the XML output. https://nmap.org/book/nse-api.html#nse-structured-output

This is really neat, and I look forward to including it in Nmap.

Dan

On Thu, Mar 3, 2016 at 10:40 AM, Glenn Wilkinson <glenn.wilkinson () gmail com> wrote:

Hi all,

Here's a nse script to do passive scanning, querying the Shodan API:
https://github.com/glennzw/shodan-hq-nse

Example usage: https://asciinema.org/a/f0unqk9uxbe6yeu22zpqu5xgz

Tweet to RT/whatever if you're into such things: https://twitter.com/glennzw/status/705430341650096129

Cheers,
Glenn
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
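An NSE skeleton applying review items 5, 6, 7, 8, 10 and 11 above, as an added example that is not Glenn's script or Nmap project code. The `outfile` argument name and the `lookup()` helper (which returns constructed data in place of the Shodan query) are assumptions.

```lua
-- Added example, not Glenn's script or Nmap project code.
local nmap = require "nmap"
local stdnse = require "stdnse"
local tab = require "tab"

description = [[Skeleton: phase-aware rules, SCRIPT_NAME registry key, structured output.]]
categories = {"discovery", "safe"}

-- Assumption: the script argument is called <script>.outfile.
local outfile = stdnse.get_script_args(SCRIPT_NAME .. ".outfile")

-- Rules only decide whether action runs in a phase, so each returns a value.
prerule = function() return outfile ~= nil end
hostrule = function(host) return true end
postrule = function() return nmap.registry[SCRIPT_NAME] ~= nil end

-- Hypothetical stand-in for the Shodan query; returns constructed sample data.
local function lookup(ip)
  return { {port = 22, proto = "tcp", product = "OpenSSH"},
           {port = 443, proto = "tcp", product = "nginx"} }
end

local actions = {
  prerule = function()
    -- Truncate the output file once, before any host runs, not at file scope.
    local f, err = io.open(outfile, "w")
    if not f then stdnse.verbose1("Cannot open %s: %s", outfile, err) return nil end
    f:write("ip,port,proto,product\n")
    f:close()
  end,
  hostrule = function(host)
    local reg = nmap.registry[SCRIPT_NAME] or {count = 0}
    nmap.registry[SCRIPT_NAME] = reg  -- namespaced, no bare "count" key
    local out, t = stdnse.output_table(), tab.new(3)
    out.services = {}
    tab.addrow(t, "PORT", "PROTO", "PRODUCT")
    for _, s in ipairs(lookup(host.ip)) do
      tab.addrow(t, tostring(s.port), s.proto, s.product)
      out.services[#out.services + 1] = s
      reg.count = reg.count + 1
    end
    stdnse.debug1("%d services recorded for %s", #out.services, host.ip)
    return out, "\n" .. tab.dump(t)  -- structured data for XML, table for humans
  end,
  postrule = function()
    return ("Total services seen: %d"):format(nmap.registry[SCRIPT_NAME].count)
  end,
}

action = function(...) return actions[SCRIPT_TYPE](...) end
```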
Current thread:
- Passive nmap scanning via ShodanHQ Glenn Wilkinson (Mar 03)
- Re: Passive nmap scanning via ShodanHQ Jacek Wielemborek (Mar 04)
- Re: Passive nmap scanning via ShodanHQ Jacek Wielemborek (Mar 16)
- Re: Passive nmap scanning via ShodanHQ Daniel Miller (Mar 08)
- Re: Passive nmap scanning via ShodanHQ Glenn Wilkinson (Mar 17)
- Re: Passive nmap scanning via ShodanHQ Jacek Wielemborek (Mar 04)