Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Ncrack discussion
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Fri, 15 May 2009 00:42:21 +0300

jah wrote:
On 14/05/2009 21:27, ithilgore wrote:
However, using brackets will involve having to escape them in most shells. Since
we want to avoid that, another character might be more appropriate. What about
using slashes?
I suggested brackets because Nmap allows their use in port specification:
nmap -p [-1024]

It does, but that doesn't mean that it is safe to do so. Nmap's man page
mentions that:

"Ranges of ports can be surrounded by square brackets to indicate ports inside
that range that appear in nmap-services. For example, the following will scan
all ports in nmap-services equal to or below 1024: -p [-1024]. Be careful with
shell expansions and quote the argument to -p if unsure."

Brackets are used in most shells as character-class regular expression matchers.

to mean (in this case) TCP ports listed in nmap-services up-to and
including port 1024.  I wasn't aware that they might need to be escaped.
Slashes do indeed look ugly and it also looks like a path separator.
How about:

ncrack scanme.nmap.org<ftp:9000>

or perhaps not even enclosing the proto:port list:

ncrack scanme.nmap.org:21,22,ftp:9000 foo.bar.com:telnet:9000,ssh:9001

and maybe allow a few variations on the separator between the host and
it's ports/services - such as : or + or % or @

Perhaps offering a few variations including / and < > is the way to go.
Brackets may also be supported but the user will be warned to escape them if
need be.


-- ithilgore

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]