Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Nmap SoC Ideas?
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 22 Mar 2010 20:27:46 +0100


On 22 mar 2010, at 02.11, Djalal Harouni wrote:

On 2010-03-21 17:59:42 -0500, Ron wrote:
On Sun, 21 Mar 2010 14:53:04 -0700 Fyodor <fyodor () insecure org> wrote:
o [NSE] Maybe we should create a class of scripts which only run one
 time per scan, similar to auxiliary modules in Metasploit. We
 already have script classes which run once per port and once per
 host. For example, the once-per-scan class might be useful for
 broadcasted scripts such as NetBIOS, DHCP, etc.  We will of course
 need to have at least one such script to start out with. (suggested
 by Ron Bowes at http://seclists.org/nmap-dev/2010/q1/883).

If I can write two scripts of that type pretty easily when the time comes -- DHCP and NetBIOS. Can anybody suggest 
other broadcast protocols? 

Here is mine (perhaps as GSoC):

- Avahi (zeroconf) [1] for service discovery on lans, avahi uses multicast
 DNS service discovery and some other stuff ...

It can show ssh, sftp (ssh ftp), nfs, smb, media boxes, printers ...
on a lan. I have seen it on small lans with ubuntu boxes, using the 
"network://" feature on nautils [2].
Images of nautils with "network://" found on the web:
http://img90.imageshack.us/my.php?image=83103217gu9.png
http://img259.imageshack.us/my.php?image=46306862qe0.png

The protocol and script is pretty much there already as: dns-service-discovery.nse
It would obviously have to be adapted to work over broadcast though.

Probably there other programs with the same fonctionalities.

Of course all this stuff is for easy use wich can lead to security
issues if the correct configs are not applied.

So this is a perfect once-per-scan case and it will be a cool NSE script.
As i'am hoping to apply to GSoC i will add more ideas.

[1] http://avahi.org/
[2] http://www.gnome.org/projects/nautilus/

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

-- 
Djalal
http://dzcore.wordpress.com
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault