Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Ncrack command-line interface overview
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Sun, 17 May 2009 15:34:05 +0300

sara fink wrote:

2) the user will have to specify too many times the same thing if he wants
crack different services for the same host and even more times if he wants
crack different services for many different hosts

I don't know if it's easy or difficult to implement, but here is my idea:
instead of  writing ssh://url:port something like this will appear:
from a file using the -iL flag to ncrack,  on each line will appear the
hostname:2000-3000 where 2000-3000 is the port range.
hostname will be in the following syntax example.com instead of
http://example.com:2000-3000 (which obviously wouldn't be correct)
syntax as I would see it: ncrack -iL <file or ncrack -iL file and in that
file what I wrote above.

The current implementation already supports specifying multiple ports for either
a host or a hostgroup. However, other problems arise when we want to uniquely
specify host-service-specific arguments instead of global-service arguments.
As for the -iL option, Ncrack will have to support host-service specification
input from both a file and the command-line interface. However, they must be
uniform (which currently are), except for the option where the input file will
be a Nmap formatted one: see -iX,iN,iG options in first email of this thread.

The * is another good approach.

This is already supported but it only affects the fact that we can specify
multiple hosts for one service. The problem with the url-like approach (if we
choose to implement it) is that we also won't be able to specify multiple
services for one host without writing the same host multiple times (as many
times as the services it will be cracked against).

Having seen the above, it would be best if we conclude to the final
this time, since we now have the complete picture of what might be needed.

Waiting to hear your suggestions,

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]