Re: Extending NMap UDP Payloads

[Daniel Miller <bonsaiviking () gmail com>]

Tim,

You can definitely do this, but only one payload will be sent during the
port scan phase. If you want to change that payload, which is used to
elicit an application response to determine if the port is open, then make
the change to the nmap-payloads file. If you want to leave that probe, but
use a different one for version detection (which can confirm that a port is
open instead of just open|filtered), then add a Probe line to
nmap-service-probes.

Supporting multiple payloads would be an interesting idea. We'd have to
decide whether to send additional ones after a full timeout of the first
probe or after a shorter time, and whether to increase the number of
retries based on the number of payloads available.

Dan

On Wed, Jan 4, 2017 at 8:24 AM, Tim Tim <projectgithub007 () gmail com> wrote:

> Hi All,
>
> I have a theoretical question I was hoping someone could assist me with.
> If I wanted to add my own UDP probes into NMap for ports that already have
> a payloads associated with them e.g. DNS UDP 53. Is this currently possible
> within NMap - is it as simple as adding a new entry within the
> nmap-payloads file, or will NMap only test a single payload?
>
> Apologies if this is clear and I am being foolish.
>
> Many Thanks
>
> TW
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/