Nmap Development mailing list archives

Re: Passive nmap scanning via ShodanHQ


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 8 Mar 2016 13:46:45 -0600

Glenn,

Thanks for doing this! It's an awesome script that further illustrates the
ability to get open-port information from non-traditional sources.

I have a few feedback items that would be blockers to including it in Nmap.
Sorry if this gets a little long, but these are issues that I think will
improve the quality of your script.

1. Be sure to run the check script or use our git commit hooks to check for
variables not declared local and other issues:
https://secwiki.org/w/Nmap/Code_Standards#Tools_to_help

2. Please document why you are requiring openssl, since that will cause the
script to fail if the user doesn't have it compiled in. I'm guessing this
is because the Shodan API is HTTPS-only, so the script will fail otherwise.

3. You can keep the README references to hard-coding the API key, but the
NSEdoc shouldn't mention that. We have the --script-args-file option for
stuff like this.

4. Please include at least one reference link in the description that tells
how to obtain an API key.

5. Have you tested the outfile capability? Scripts can be re-run in
multiple phases, so doing actual file operations in file scope could
obliterate someone's results. Put those operations into the action
function. If it needs to run just once at the beginning, run it in the
pre-scanning phase. See ssh-hostkey and snmp-interfaces for example scripts
that take different actions dependent on the SCRIPT_TYPE global variable.

6. The prerule and postrule functions should be used only to determine
whether the action should be run in that phase. The way you are using them
(without a return statement), they will always return "nil", so the action
is not run. But they should not be "doing" anything other than checking
conditions and perhaps printing an error in verbose mode.

7. Please use stdnse.verbose and stdnse.debug and their related functions
for output instead of print. https://nmap.org/nsedoc/lib/stdnse.html#debug

8. When using the registry, please use the script name (available as the
global SCRIPT_NAME) as a key to avoid collisions with other scripts.
"count" is a very generic name.

9. Use strbuf objects instead of strings if you plan to do repeated
concatenation for string building. This avoids the classic performance trap
of excessive reallocation. https://nmap.org/nsedoc/lib/strbuf.html

10. Use tab.lua for tabular data instead of simply tab-separated. This
gives a better appearance when some fields are longer than others.
https://nmap.org/nsedoc/lib/tab.html

11. Please return structured data so that it is more easily extracted from
the XML output. https://nmap.org/book/nse-api.html#nse-structured-output

This is really neat, and I look forward to including it in Nmap.

Dan

On Thu, Mar 3, 2016 at 10:40 AM, Glenn Wilkinson <glenn.wilkinson () gmail com>
wrote:

Hi all,

Here's an NSE script to do passive scanning, querying the Shodan API:
  https://github.com/glennzw/shodan-hq-nse

Example usage:
  https://asciinema.org/a/f0unqk9uxbe6yeu22zpqu5xgz

Tweet to RT/whatever if you're into such things:
  https://twitter.com/glennzw/status/705430341650096129

Cheers,
Glenn

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
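Not part of the thread: an added NSE skeleton (example code, not Glenn's script and not anything shipped in Nmap) showing how items 5 to 11 above fit together: rules only test conditions, setup and registry work happen inside action() keyed by SCRIPT_NAME, and the postrule phase returns structured output alongside a tab.lua table. The lookup host, path and `ports` JSON field in `lookup_ports` are assumptions, as is the `apikey` script argument name.

```lua
local http   = require "http"
local json   = require "json"
local nmap   = require "nmap"
local stdnse = require "stdnse"
local tab    = require "tab"
description = [[Looks up open ports per target in an external JSON source and summarises them after the scan (added example).]]
categories = {"discovery", "external", "safe"}
-- Hypothetical lookup helper: host, path and the JSON "ports" field are
-- assumptions, not the reviewed script's API. Returns a port list or nil.
local function lookup_ports(ip, apikey)
  local resp = http.get("api.example.invalid", 443, "/host/" .. ip .. "?key=" .. apikey)
  if not resp or resp.status ~= 200 then return nil end
  local ok, data = json.parse(resp.body)
  return ok and data.ports or nil
end
-- Rules only decide whether action() runs in this phase (item 6).
prerule = function()
  if stdnse.get_script_args(SCRIPT_NAME .. ".apikey") then return true end
  stdnse.verbose(1, "Set --script-args %s.apikey=<key>", SCRIPT_NAME)
  return false
end
hostrule = function() return nmap.registry[SCRIPT_NAME] ~= nil end
postrule = function() return nmap.registry[SCRIPT_NAME] ~= nil end
action = function(host)
  local apikey = stdnse.get_script_args(SCRIPT_NAME .. ".apikey")
  if SCRIPT_TYPE == "prerule" then
    -- One-time setup lives here, not at file scope (item 5), keyed by
    -- SCRIPT_NAME so other scripts cannot collide with it (item 8).
    nmap.registry[SCRIPT_NAME] = { hosts = {} }
    return nil
  elseif SCRIPT_TYPE == "hostrule" then
    local ports = lookup_ports(host.ip, apikey)
    if not ports then stdnse.debug(1, "no data for %s", host.ip) return nil end -- item 7
    nmap.registry[SCRIPT_NAME].hosts[host.ip] = ports
    local out = stdnse.output_table()  -- structured output (item 11)
    out.ports = ports
    return out
  end
  -- postrule: summary of everything collected, as a tab.lua table (item 10)
  local t, out = tab.new(), stdnse.output_table()
  tab.addrow(t, "host", "ports")
  for ip, ports in pairs(nmap.registry[SCRIPT_NAME].hosts) do
    out[ip] = ports
    tab.addrow(t, ip, table.concat(ports, ","))
  end
  return out, "\n" .. tab.dump(t)
end
```

Returning the structured table first and the formatted string second keeps the XML output machine-readable while the normal output still shows the aligned table.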
