Nmap Development Mailing List

Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.

List Archives

Year   Jan–Mar   Apr–Jun   Jul–Sep   Oct–Dec
2010      466
2009      928       846      1116       732
2008      568       911      1038       809
2007      305       509       479       832
2006      410       497       447       326
2005      175       257       202       251
2004      173        80       131       178
2003       58       113       141        91
2002       58        90        59        77
2001   (quarter columns run together in the extracted page: 1835146)
2000   (quarter columns run together in the extracted page: 7720)

Latest Posts

Re: Development of NMAP Patrick Donnelly (Feb 09)
Thanks for your interest!

You may want to look at NSE [1] to see what you may want to do there.
(I'm not suggesting you exclude looking at other areas of Nmap :). Lua
(the language NSE uses) is fairly well known for work in AI.

I'm sure others will be along with good suggestions so stick around!

[1] http://nmap.org/book/nse.html

Development of NMAP Karol Pysniak (Feb 09)
Hi,
I have a few ideas about developing NMAP as my contribution to Google
Summer of Code. Can I post them here?

I am a computing student. I can program in Java/C++/C/Haskell/Assembler
(IA-32).

Some of my ideas involve, for example, adding 'learning' options to NMAP
(I'm especially interested in developing AI in NMAP).

Best wishes,
Karol Pysniak.

Re: [NSE] Raw ethernet frame questions and NSE library questions Fyodor (Feb 08)
Nice! It's worth noting for people who haven't been paying attention
that you're talking about your nmap-exp/kris/nse-rawip/ branch.

Ideally the ethernet-or-raw-socket decision should be made in exactly
the same way as the rest of Nmap's raw packet/frame sending
functionality.

Cheers,
-F

Re: [NSE] More library global problems Patrick Donnelly (Feb 08)
Well, if the script needs to start over for some reason, then it can.
Admittedly I haven't attempted to figure out what your library does or
what it's for. In general, scripts should be able to "restart" doing
some operation in a library. The "simplest" method is to discard the
state table and create a new one (from the script writer perspective).

Re: [NSE] More library global problems Patrick Donnelly (Feb 08)
Hi Patrik,

You need to use the actual thread as the index, not the string. So:

req_id_tbl[coroutine.running()] = 1;

etc.

Also, strings are not considered a collectible object from a
weak-table perspective. See [1] (particularly, the last two
paragraphs) for a discussion on this.

You should also note in the documentation somewhere that the library
has static per-thread data. (Usually data like this is kept in some
sort of state (a table you...
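The fix described in the reply above, as an added example that is not code from the thread or from nselib: per-thread request ids are keyed on the coroutine object itself in a table with weak keys, so the entry disappears once the script thread is collected, and a contrasting string-keyed table shows why the original approach leaks. The names req_id_tbl, next_req_id and entries are illustrative, and the example runs under plain Lua 5.1 or 5.4.

```lua
-- Added example, not code from the thread or from nselib. Per-thread state
-- keyed on the coroutine object in a weak-keyed table, as recommended above.
local req_id_tbl = setmetatable({}, { __mode = "k" })   -- weak keys

-- Return the next request id for the calling script thread.
local function next_req_id()
  -- Inside NSE every script runs in its own coroutine, so this is never nil.
  -- (Plain Lua 5.1 returns nil from the main thread; 5.2+ returns the main
  -- thread object, which is never collected.)
  local co = coroutine.running()
  local id = (req_id_tbl[co] or 0) + 1
  req_id_tbl[co] = id
  return id
end

-- Count live entries in a table (pairs skips collected weak keys).
local function entries(t)
  local n = 0
  for _ in pairs(t) do n = n + 1 end
  return n
end

-- Two "scripts", each in its own coroutine, get independent counters.
local a = coroutine.create(function() return next_req_id(), next_req_id() end)
local b = coroutine.create(function() return next_req_id() end)
local _, a1, a2 = coroutine.resume(a)
local _, b1 = coroutine.resume(b)
assert(a1 == 1 and a2 == 2 and b1 == 1)
assert(entries(req_id_tbl) == 2)

-- Once nothing else references the threads, the weak keys go away.
a, b = nil, nil
collectgarbage(); collectgarbage()
assert(entries(req_id_tbl) == 0)

-- Contrast: strings are values, not collectible objects, so a weak table
-- keyed on tostring(thread) keeps its entry for ever and leaks per thread.
local leaky = setmetatable({}, { __mode = "k" })
local tmp = coroutine.create(function() end)
leaky[tostring(tmp)] = 1
tmp = nil
collectgarbage(); collectgarbage()
assert(entries(leaky) == 1)
print("weak-keyed per-thread state OK")
```

The two collectgarbage() calls are deliberate: a single cycle is normally enough, but calling it twice avoids depending on where the incremental collector happens to be when the references are dropped.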

Re: [NSE] More library global problems Patrik Karlsson (Feb 08)
Thanks! I've attached a proposed patch that uses a fully weak local table to store the request ids. I would appreciate
your comments before committing.

//Patrik

Re: [NSE] More library global problems Martin Holst Swende (Feb 07)
Patrick Donnelly wrote:

[...snip...]

That is not a global access problem, it is a null-reference in disguise
:). I changed the name of that method to toBson. Will submit a patch
for that once I have made some better testcases that catch it and
ensures it works, for now though it is not a problem, since that is a
bson-encoder which is only called when creating queries - which are not
dynamic - and they are obviously not using that kind of...

[NSE] More library global problems Patrick Donnelly (Feb 07)
So we have some more global access problems (See [1] for history):

batrick () batbytes:~/old-nmap$ nse_check_globals
Checking nselib/afp.lua for bad global accesses
Found set global,'_', at line number 446.
Found set global,'_', at line number 490.
Checking nselib/base64.lua for bad global accesses
Checking nselib/citrixxml.lua for bad global accesses
Checking nselib/comm.lua for bad global accesses
Checking nselib/datafiles.lua...
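As an added example, not the nse_check_globals tool or any nselib code: a small runtime guard that trips on the class of mistake the checker output above reports, an assignment to an undeclared name such as "_", shown against a buggy and a fixed parsing function. The function names and the two-byte sample buffer are illustrative.

```lua
-- Added example, not nse_check_globals or nselib code. Runs f with _G
-- guarded so that any read or write of an undeclared global raises an
-- error instead of silently polluting the shared state.
local function with_global_guard(f, ...)
  local saved = getmetatable(_G)
  setmetatable(_G, {
    -- these fire only for names NOT already present in _G (string, pairs, ...)
    __newindex = function(_, k) error("set global '" .. tostring(k) .. "'", 2) end,
    __index    = function(_, k) error("get global '" .. tostring(k) .. "'", 2) end,
  })
  local ok, res = pcall(f, ...)
  setmetatable(_G, saved)
  return ok, res
end

-- Buggy: the throw-away "_" is never declared, so the first call creates a
-- global "_" visible to every other script and library in the same state.
local function parse_len_buggy(buf)
  local len
  _, len = string.byte(buf, 1, 2)
  return len
end

-- Fixed: declare both assignment targets as locals.
local function parse_len_fixed(buf)
  local _, len = string.byte(buf, 1, 2)
  return len
end

-- Constructed sample buffer: a one-byte tag (5) followed by a length (42).
local ok, err = with_global_guard(parse_len_buggy, "\5\42")
assert(not ok and err:find("set global '_'", 1, true))
local ok2, len = with_global_guard(parse_len_fixed, "\5\42")
assert(ok2 and len == 42)
print("guard caught: " .. err)
```

The guard only catches accesses that actually execute, which is why a static checker over the library sources is the better tool for a full sweep; the runtime version is handy for confirming that a reported line is really the culprit.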

Re: ncat http proxy server and SSL Markus Klinik (Feb 07)
As ncat_listen_stream already uses SSL, I'd like to reuse as much of
that code as possible. In particular, there is the function "ncat_recv"
which dispatches on whether SSL is compiled in and activated. It also
does this SSL_pending thing. It does delaying, telnet negotiation and
logging too.

So, here is the plan:

- replace socket_buffer.sd with an fdinfo
- make socket_buffer_readline use ncat_recv instead of recv
- make...

PostgreSQL match lines Patrik Karlsson (Feb 07)
I went through the source code for all PostgreSQL versions found here and updated the match lines:
http://ftp2.ua.freebsd.org/pub/FreeBSD/distfiles/postgresql/

The other match lines were based on actual responses, but the output from grep matched the lines I've already
collected. There's one or two new additions, but I've mainly just updated the version to be 'wider', e.g. 8.2.6 - 8.2.15,
where the line returning the error was identical. In...

pgsql-brute and PostgreSQL match lines Patrik Karlsson (Feb 06)
Hi all,

I just finished pgsql-brute.nse, a script that allows password guessing against PostgreSQL servers and the supporting
pgsql.lua library used for both version 2 and 3 of the protocol.

While developing the script I also noticed that the fingerprinting of PostgreSQL running version 3 of the protocol
could be improved a lot as error messages contain the file in which the error occurred and the line number. Currently,
the SMBProgNeg...

Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 05)
That's great to hear!

I very much agree that having a better packet constructor would be a nice
improvement. Luckily the current way works and isn't complicated.

I also agree that Ethernet is quite simple, but there might as well be a set
of functions for it in the style of the IP (and TCP and whatever) ones. Like
you said, it's handy.

Thanks! :)

Cheers,
Kris Katterjohn

Re: [NSE] Raw ethernet frame questions and NSE library questions kx (Feb 05)
Of course, I was just about to reply and send you the same on the
Windows status! I've been tinkering all evening.

I didn't write a new script yet, but given your approach in your
script, it would be nice to extend packet.nse for more packet
construction methods (instead of having to have a generic starter
packet). Then for special case ethernet, we could make a simple
ethernet.nse for ethernet construction methods, although given the
simplicity...

Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 05)
I have now tested on both Linux and Windows XP, and it works nicely. I
would've tested on Windows sooner, but my dev environment had died so I had to
revive it today ;)

Cheers,
Kris Katterjohn

Re: More nsock socket_count_write_dec assert() failures Brandon Enright (Feb 05)
[...snip...]

I finally narrowed this down to a handful of hosts. I then narrowed
the assert() failure to the http-enum script.

$ sudo ./nmap --datadir . -sC --script="http-e*" -p 443 -d -v -v -T5 -PN <host>

Starting Nmap 5.20 ( http://nmap.org ) at 2010-02-05 23:30 UTC
[...]
Discovered open port 443/tcp on <host>
[...]
Initiating NSE at 23:30
NSE: NSE Script Threads (1) running:
NSE: Starting http-enum against...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

