Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Draft - targets-sniffer.nse
From: Nick Nikolaou <nikolasnikolaou1 () gmail com>
Date: Thu, 24 Mar 2011 21:49:30 +0000


On 22 March 2011 23:32, Djalal Harouni <tixxdz () opendz org> wrote:
In your script I see that you have a check for duplicates new targets,
you can drop it. Nmap internals already do this check, and if you want
to see it just use -d3.


Hey Djalal, I suspected that but forgot to confirm it. Thanks.

You can do this: target.add(unpack(array_of_targets))


Thanks, made the changes.

Please use the second version of the patch [1] and let us know if there
are any bugs, and with that patch you can choose the network interface
to use:
* For prerule scripts: Nmap -e or -S options.
* For hostrule/portrule: just use the host table (host.interface).


e.g: ./nmap -sL --script targets-sniffer.nse --script-args=newtargets -e
eth0


I just applied the patch. I 'll report back once I get some spare time to
make the changes to the script.

Nick

On 22 March 2011 23:32, Djalal Harouni <tixxdz () opendz org> wrote:

On 2011-03-22 11:56:19 -0700, David Fifield wrote:
On Tue, Mar 22, 2011 at 06:44:03PM +0000, Nick Nikolaou wrote:
Hello everyone,

Attached is a draft of a targets-sniffer script. The script sniffs for
a
configured amount of a time and adds addresses from packets it sees in
newtargets. (https://secwiki.org/w/Nmap_Script_Ideas#targets-sniffer)
In your script I see that you have a check for duplicates new targets,
you can drop it. Nmap internals already do this check, and if you want
to see it just use -d3.

You can do this: target.add(unpack(array_of_targets))

*Issues that need to be resolved:*

1) The sniffing interface is hard-coded at the moment. Is there a way
to get
the active interface in a prerule script? Alternatively I could change
the
rule to a hostrule. (and maybe a high enough runlevel to ensure the
script
runs first?)

We don't have a way for scripts to get the list of interfaces, but
Djalal has a patch to do it: http://seclists.org/nmap-dev/2011/q1/291.
It hasn't been added yet because there isn't a script to use it, but you
can make it a part of your patch if it helps.
Please use the second version of the patch [1] and let us know if there
are any bugs, and with that patch you can choose the network interface
to use:
* For prerule scripts: Nmap -e or -S options.
* For hostrule/portrule: just use the host table (host.interface).

e.g: ./nmap -sL --script targets-sniffer.nse --script-args=newtargets -e
eth0

You can also check the type of the interface to report errors ... etc


David just a note:
The get_interface_info() function of the network interfaces patch should
replace the nmap.get_interface_link() function.

[1] http://seclists.org/nmap-dev/2011/q1/734

--
tixxdz
http://opendz.org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault