mailing list archives
Re: Question on NSE script output
From: David Fifield <david () bamsoftware com>
Date: Fri, 5 Jun 2009 21:58:00 -0600
On Thu, Jun 04, 2009 at 10:19:39PM -0400, Sina Bahram wrote:
I have a question about NSE output in nmap.
I want to discover all ftp servers on a decent sized network which allow
anonymous login. Wonderful for me that there exists an NSE script to do
exactly this, but how do I get only those ip's?
I was thinking of just inserting a print to stderr of the ip and a yes/no
flag into the script then being able to grep on this? Is it possible to
print to STDERR in our NSE infrastructure?
I don't know of a way to print to stderr, but you can include the IP
address in the normal script output:
return host.ip .. " Anonymous FTP login allowed"
I'm sure there's a much prettier way, and since I tend to despise hacks for
no good reason, I look forward to hearing about a way of just getting the
ftp servers which allow anonymous login, somehow?
I can't grep the regular nmap output as the context crosses multiple lines,
and it becomes an awk script, if I really want to do it right, and I'd like
the data quick.
Without any script changes, you could get the list pretty quick with
egrep '(^Interesting ports |ftp-anon)' scan.log | grep -B 1 ftp-anon
Script output is a difficult case because it is mostly free-form text
that may be short or may be many lines.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org