Home page logo

nmap-dev logo Nmap Development mailing list archives

Ncrack discussion
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Thu, 14 May 2009 15:49:28 +0300

Ncrack is already in the stage of being coded but there are some pending issues
which need to be discussed.

1) Target-Service Specification

One of the most important issues is command-line target and service
specification. An easy-to-use and flexible scheme, like Nmap's, is the goal
here. I will provide some examples so that things are clearer that way:

Ex1: $ ncrack 10.0.0.*,, www.google.com -p22, 23

This will try to crack the default services on ports 22, 23 (ssh, telnet) for
hosts, and www.google.com

What happens if the user knows that the above hosts' services listen on
non-default ports? He should be able to specify that like this:

Ex2: $ ncrack 10.0.0.*,, www.google.com -p399, 4531 -s ftp, svn

This means that the user knows that the targets all have an ftp service that
listens on port 339 (non-default) and an svn service that listens on port
4531(non-default). The port list -p option and the -s service-name option should
be 1-1.

In addition Ncrack should be able to deduce the default ports just by naming the
services with -s (or --service).

Fyodor also suggested a url-like scheme like this:

Ex3: $ ncrack ssh://scanme.nmap.org:22, ftp://foo.bar.org:3000, bar.acme.org:21,

which will crack:
scanme.nmap.org for ssh on port 22,
foo.bar.org for ftp on port 3000 (non-default)
bar.acme.org for ftp (deduced from default port 21) on port 21
scanme.nmap.org for ftp on default port 21

I believe that supporting all schemes (Ex1, Ex2, Ex3) is the way to go. What do
you think?

2) Ncrack Input from Nmap Output

Ncrack is probably going to be used after a Nmap scanning has taken place. This
means that being able to parse Nmap's output and trying to crack all the
services that Ncrack can handle is a good idea. iirc they are already some
parsers out there that do the job? Could someone point me to them? Additionally,
should we be able to support every output format parsing (surely the grepable
one should be the easiest).

That is all for now.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]