Nmap Development mailing list archives

Boolean Operators for --script (again)
From: Patrick Donnelly <batrick.donnelly () gmail com>
Date: Tue, 7 Apr 2009 18:52:11 -0600

Attached is a patch similar to [1] that allows a user to specify
categories with boolean operators. The engine uses Lua to compile the
comma delimited "rules" and global variables to neatly achieve this.

A couple examples:

batrick@li50-61:~/nmap/svn/nmap$ ./nmap -d2 --script "Default and Intrusive" localhost
Fetchfile found ./nmap-services
Starting Nmap 4.85BETA7 ( http://nmap.org ) at 2009-04-07 17:43 MST
[...]
NSE: Loaded 7 scripts for scanning.
NSE: Loaded 'dns-zone-transfer.nse'.
NSE: Loaded 'dns-recursion.nse'.
NSE: Loaded 'http-open-proxy.nse'.
NSE: Loaded 'ftp-bounce.nse'.
NSE: Loaded 'http-auth.nse'.
NSE: Loaded 'ssh-hostkey.nse'.
NSE: Loaded 'ms-sql-info.nse'.
[...]


batrick@li50-61:~/nmap/svn/nmap$ ./nmap -d2 --script "Default and not Intrusive" localhost
Starting Nmap 4.85BETA7 ( http://nmap.org ) at 2009-04-07 17:44 MST
[...]
NSE: Loaded 17 scripts for scanning.
NSE: Loaded 'mysql-info.nse'.
NSE: Loaded 'smb-os-discovery.nse'.
NSE: Loaded 'irc-info.nse'.
NSE: Loaded 'upnp-info.nse'.
NSE: Loaded 'auth-owners.nse'.
NSE: Loaded 'smtp-commands.nse'.
NSE: Loaded 'realvnc-auth-bypass.nse'.
NSE: Loaded 'nbstat.nse'.
NSE: Loaded 'rpcinfo.nse'.
NSE: Loaded 'sshv1.nse'.
NSE: Loaded 'pop3-capabilities.nse'.
NSE: Loaded 'sslv2.nse'.
NSE: Loaded 'finger.nse'.
NSE: Loaded 'snmp-sysdescr.nse'.
NSE: Loaded 'ftp-anon.nse'.
NSE: Loaded 'html-title.nse'.
NSE: Loaded 'robots.txt.nse'.
[...]


batrick@li50-61:~/nmap/svn/nmap$ ./nmap -d2 --script "auth, demo or default" localhost
Starting Nmap 4.85BETA7 ( http://nmap.org ) at 2009-04-07 17:49 MST
[...]
NSE: Loaded 32 scripts for scanning.
NSE: Loaded 'dns-zone-transfer.nse'.
NSE: Loaded 'dns-recursion.nse'.
NSE: Loaded 'smtp-open-relay.nse'.
NSE: Loaded 'snmp-brute.nse'.
NSE: Loaded 'http-open-proxy.nse'.
NSE: Loaded 'mysql-info.nse'.
NSE: Loaded 'pop3-brute.nse'.
NSE: Loaded 'ftp-bounce.nse'.
NSE: Loaded 'smb-os-discovery.nse'.
NSE: Loaded 'irc-info.nse'.
NSE: Loaded 'ftp-brute.nse'.
NSE: Loaded 'upnp-info.nse'.
NSE: Loaded 'auth-owners.nse'.
NSE: Loaded 'http-auth.nse'.
NSE: Loaded 'http-auth.nse'.
NSE: Loaded 'ssh-hostkey.nse'.
NSE: Loaded 'smtp-commands.nse'.
NSE: Loaded 'realvnc-auth-bypass.nse'.
NSE: Loaded 'nbstat.nse'.
NSE: Loaded 'smb-brute.nse'.
NSE: Loaded 'rpcinfo.nse'.
NSE: Loaded 'sshv1.nse'.
NSE: Loaded 'ms-sql-info.nse'.
NSE: Loaded 'pop3-capabilities.nse'.
NSE: Loaded 'sslv2.nse'.
NSE: Loaded 'finger.nse'.
NSE: Loaded 'snmp-sysdescr.nse'.
NSE: Loaded 'telnet-brute.nse'.
NSE: Loaded 'ftp-anon.nse'.
NSE: Loaded 'ftp-anon.nse'.
NSE: Loaded 'html-title.nse'.
NSE: Loaded 'robots.txt.nse'.
[...]



Categories are still case insensitive but the boolean operators must
be lower case. The only possible problem with this new feature is one
could explicitly specify "version", although I don't see it as a big deal:

./nmap --script "not not version" localhost

Cheers,

-- 
-Patrick Donnelly

"One of the lessons of history is that nothing is often a good thing
to do and always a clever thing to say."

-Will Durant

Attachment: bool.patch


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
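
The approach described in the message above (each comma-delimited rule compiled as a Lua expression whose global variables are category names), sketched as an added example. This is not the contents of bool.patch: `compile_rule`, `select_scripts`, the `c_` prefix, parenthesis support and the script/category table are assumptions made for illustration. Because the rule text is compiled as code, the sketch admits only words, spaces and parentheses and rewrites every non-operator word into a prefixed global lookup.

```lua
-- Added illustration, not the code in bool.patch; names and sample data are constructed.
local scripts = { -- script name -> categories it declares
  ["ftp-anon.nse"]   = { "default", "auth" },
  ["ftp-bounce.nse"] = { "default", "intrusive" },
  ["ftp-brute.nse"]  = { "auth", "intrusive" },
  ["finger.nse"]     = { "default" },
}
local OPERATORS = { ["and"] = true, ["or"] = true, ["not"] = true }

-- Turn one rule into a predicate over a script's category list.
local function compile_rule(rule)
  -- The rule becomes Lua source, so admit only words, spaces and parentheses.
  if rule:find("[^%w_%s%(%)]") then return nil, "bad character in rule: " .. rule end
  -- Non-operator words become prefixed globals, so Lua keywords stay inert.
  local src = rule:gsub("[%w_]+", function(word)
    return OPERATORS[word] and word or ("c_" .. word:lower())
  end)
  local current -- category set of the script under test
  local env = setmetatable({}, { __index = function(_, name)
    return current[name:sub(3)] == true -- strip the "c_" prefix
  end })
  local chunk, err
  if setfenv then -- Lua 5.1
    chunk, err = loadstring("return " .. src, "rule")
    if chunk then setfenv(chunk, env) end
  else -- Lua 5.2 and later
    chunk, err = load("return " .. src, "rule", "t", env)
  end
  if not chunk then return nil, err end
  return function(categories)
    current = {}
    for _, c in ipairs(categories) do current[c:lower()] = true end
    local ok, hit = pcall(chunk) -- a rule that errors at run time matches nothing
    return ok and hit == true
  end
end

-- A script is selected when any comma-delimited rule matches it.
local function select_scripts(spec)
  local names, seen = {}, {}
  for rule in spec:gmatch("[^,]+") do
    local matches = assert(compile_rule(rule))
    for name, cats in pairs(scripts) do
      if not seen[name] and matches(cats) then seen[name] = true; names[#names + 1] = name end
    end
  end
  table.sort(names)
  return names
end
print(table.concat(select_scripts("Default and not Intrusive"), " "))
print(table.concat(select_scripts("auth, default and intrusive"), " "))
```

An upper-case operator such as `AND` is rewritten to a category lookup like any other word, so the rule fails to compile, which matches the lower-case requirement stated in the message.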
