On Mon, 26 Feb 2007 17:34:34 -0500
Jess <jess_at_thecharbneaus.com> wrote:
> Hello,
> Reposting this in the nmap-dev list per suggestion from Fyodor.
>
> I wrote a perl script several years ago that would catalog all of the
> open ports on our network (the network I worked on at the time). I was
> perusing my code recently, and noticed that I had originally built this
> to run as root. With the newer operating systems, specifically the Linux
> distros, most are using sudo. So I was looking through the mailing list
> archives at insecure.org, and noticed that there is now a NSE.
>
> The overall idea of this app is to run daily, and catalog all of the open
> ports, then run the next day and compare the results. Kind of like a
> AIDE for the network.
>
> So, I guess I have two questions:
>
> 1.> Is sudo safe for this? I would like to run my scripts (I am
> rewriting now) as monitor, but make a call to nmap to get port
> information for the current host in the scan. Is sudo a good method?
> Any suggestions around the best way to implement this? It seems I have
> read articles/man pages saying that sudo is not so good as it "remembers"
> the credentials for a given user. Thoughts?
>
> 2.> NSE. Is this better/worse for scripting of nmap? Pros/Cons?
>
> Thanks Everyone!
>
> Jess
>
I'm assuming if you are trying to do this in a script sudo will be
passwordless. Give "sudo nmap --interactive" and then "!/bin/bash" a try
and you'll probably decide you don't want to go the sudo way.
One of the more common Unix ways to run a binary securely as root in a
script or for unprivileged users is to make a small (compiled) program that
understands a few preset command line options and is SUID'd to root.
Something like this pseudo C here:
/* Run Nmap securely as root */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
int main (int argc, char **argv) {
    /* whatever needs to be here */
    if (argc != 2) { fprintf(stderr, "usage: %s quick|everything\n", argv[0]); return 1; }
    /* Make the real uid root too: if /bin/sh is bash, the shell behind
       system() otherwise drops the SUID effective uid before nmap runs */
    if (setuid(0) != 0) { perror("setuid"); return 1; }
    /* system() hands these to /bin/sh with the caller's environment, so use
       an absolute path to nmap or set PATH yourself before trusting them */
    /* compare with strcmp(); == on two char* only compares pointers */
    if (strcmp(argv[1], "quick") == 0) {
        system("nmap -T5 -v ... -oA default_file <preset ips>");
    }
    else if (strcmp(argv[1], "everything") == 0) {
        system("nmap -sV -O2 -v -p- -T4 ... -oA default_file <preset ips>");
    }
    else { /* you get the idea */
        fprintf(stderr, "unknown preset\n"); return 1;
    }
    /* More of whatever needs to be here */
    return 0;
}
Then you would compile your program and do a "chmod +s root_nmap". If you
wanted root_nmap to be able to actually take IPs rather than have preset
scans you'll need to be EXTRA careful that you don't allow anything other
than IPs.
I bet more than one person on this list has a nice little nmap root wrapper
that understands presets or a very limited set of options and would be
willing to share.
Brandon
--
Brandon Enright
Network Security Analyst
UCSD ACS/Network Operations
bmenrigh_at_ucsd.edu
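Taking the reply's own caveat one step further, here is an added example (not Brandon's code) of a wrapper that accepts target IPs from the caller: every argument must be a strict dotted-quad IPv4 address, the nmap options are fixed in the binary, and nmap is started with execve() and a scrubbed environment rather than through system(), so no shell ever parses caller input. It assumes nmap is at /usr/bin/nmap; the -oA file name and option set are placeholders to adjust.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <ctype.h>
#define NMAP_PATH "/usr/bin/nmap"   /* assumption: where nmap lives on this host */
#define MAX_ARGS 72

/* 1 if s is exactly four 0-255 octets with no leading zeros, else 0.
 * Hostnames, CIDR ranges and option-looking strings are all rejected. */
int is_ipv4(const char *s) {
    int octets = 0;
    while (*s) {
        if (!isdigit((unsigned char)*s) || (*s == '0' && isdigit((unsigned char)s[1])))
            return 0;
        int val = 0, digits = 0;
        while (isdigit((unsigned char)*s)) {
            val = val * 10 + (*s++ - '0');
            if (val > 255 || ++digits > 3) return 0;
        }
        octets++;
        if (*s == '.' && octets < 4 && isdigit((unsigned char)s[1])) s++;
        else if (*s != '\0') return 0;
    }
    return octets == 4;
}
/* out[] = fixed nmap options + validated targets + NULL; returns the argv
 * length, or -1 if any target fails validation or out[] is too small. */
int build_nmap_argv(int ntargets, char **targets, char **out, int outsize) {
    static char *preset[] = { "nmap", "-T4", "-v", "-oA", "default_file" };
    int npreset = 5, n = 0;
    if (ntargets < 1 || npreset + ntargets + 1 > outsize) return -1;
    for (int i = 0; i < npreset; i++) out[n++] = preset[i];
    for (int i = 0; i < ntargets; i++) {
        if (!is_ipv4(targets[i])) return -1;   /* reject on the first bad target */
        out[n++] = targets[i];
    }
    out[n] = NULL;
    return n;
}
int main(int argc, char **argv) {
    char *nmap_argv[MAX_ARGS];
    if (build_nmap_argv(argc - 1, argv + 1, nmap_argv, MAX_ARGS) < 0) {
        fprintf(stderr, "usage: %s <ipv4> [<ipv4> ...]\n", argv[0]);
        return 1;
    }
    /* Exec nmap directly with a fixed environment: no shell, and the caller's
     * PATH / LD_* variables never reach the privileged process. */
    char *clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    execve(NMAP_PATH, nmap_argv, clean_env);
    perror("execve");   /* only reached if the exec itself failed */
    return 1;
}
```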
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Feb 26 2007