Hi,
My two cents :P opinion and a question all in one. Where should the
line be drawn between what nmap should do / does and what tools that
use nmap should do? This is something easily done/implemented in
a higher level language .. I have a base banner grabber class
implemented in my Nmap::Scanner package. Maintenance-wise,
providing this functionality through a scripting language means
easier updates/enhancements.
It is pretty trivial to do this kind of thing using a parsing
module like mine or another XML nmap backend that has recently
been released to CPAN .. which was inspired by my module (according
to him) but takes a different, more lightweight, approach to the whole
parsing process and is definitely worthwhile to check out for those of
you interested in nmap output processors.
Parse::Nmap::XML (Anthony Persaud)
The point of all this, again, is:
* Where is the line between core functionality and add-on functionality?
* Is it better to add this kind of thing to the core of nmap or should
it be left for more RAD types of languages and output processors and
be kept out of the core?
I have been able to write Nmap diff scripts, nmap -> db persistence
scripts, nmap scan graphers, and nmap banner grabbers in 20-30 lines of
perl code (for each) using my own module and other CPAN modules
(Text::Diff, DBI, DBD, etc). The example scripts in my Nmap::Scanner
distro show some of this functionality.
Yes, an output processor will not match the performance of having nmap
do it all, but that is the trade off .. easier maintenance, greater
coder base, smaller core code base, with some speed losses and some
workarounds that need to be done in the output processors because they
are outside of the core.
I am not saying I have an answer to this question .. personally I would
prefer to do such kinds of higher-level functions in a higher level
language, but that is just me :).
Regards,
Max
On Tue, 02 Sep 2003 18:34:07 EDT, Bo Cato wrote:
> I personally would like to see a banner grab added to the list
> of nmap options. Actually I'd like it as a default for -sT scans
> privileged or unprivileged users.
>
> Coupling it with syn or other scans seems pointless. Obviously you're
> not going to get a banner with anything short of a full connect.
>
>
> Tuesday, September 02, 2003, 11:44:34 AM, you wrote:
>
> J> -----BEGIN PGP SIGNED MESSAGE-----
> J> Hash: SHA1
>
> J> On Tuesday 02 September 2003 10:54, Paul Johnston wrote:
> >> Hi,
> >>
> >> > Ah cool. Feature request - be able to do banner grab without doing syn
> >> > scan
> >> > first to see if open since if you're going to send a syn and then
> >> > banner grab
> >> > you might as well banner grab in the first place - from memory think
> >> > this is
> >> > a problem with nmap+V.
> >>
> >> The syn scan avoids the kernel's tcp implementation and does raw IP
> >> itself. After this, it's not generally possible to go back to using the
> >> kernel's tcp sockets, without starting the connection from scratch. So
> >> to support this nmap would need to contain either a full tcp
> >> implementation, or some highly platform specific hack.
>
> J> I think you missed my point. You can simply do a connect(2) to the port in
>
> J> question and grab the banner rather than doing a SYN scan first and then a
>
> J> banner grab.
>
> J> - -jamie.
>
> J> -----BEGIN PGP SIGNATURE-----
> J> Version: GnuPG v1.0.7 (GNU/Linux)
>
> J> iD8DBQE/VLrm0oWsN6bx+R0RAuYlAJwKKAIQrEFUIYPRkx6RbDc1QWF1SACfSbEE
> J> 0w3bDaB2i454VeG8lX+a8H4=
> J> =Jqep
> J> -----END PGP SIGNATURE-----
>
>
> J> ---------------------------------------------------------------------
> J> For help using this (nmap-dev) mailing list, send a blank email to
> J> nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
>
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to
> nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
>
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Sep 02 2003
Intro
