Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Draft - targets-sniffer.nse
From: Nick Nikolaou <nikolasnikolaou1 () gmail com>
Date: Sat, 26 Mar 2011 15:16:48 +0000

Hey guys,

I made some changes to the script:

1. Added support for Djalal's interface patch. The user can now select the
interface using -e. If an interface is not specified the script falls back
to eth0. If that doesn't work it prints an error message.

2. The script now gets the local IP address using the get_interface_info()
function and makes sure that it's never added to newtargets.

3. Since nmap checks for duplicates when adding the IP addresses to
newtargets, there no reason for the script to do it.

4. The script now prints an error message when not ran as root.

Thanks for your feedback.

I still couldn't get the socket to timeout properly which seems to be the
main problem at the moment. I'm also having some trouble getting the IP
addresses using the packet library.

Once again, I appreciate any feedback.


Cheers,
Nick


On 24 March 2011 21:49, Nick Nikolaou <nikolasnikolaou1 () gmail com> wrote:

On 22 March 2011 23:32, Djalal Harouni <tixxdz () opendz org> wrote:

In your script I see that you have a check for duplicates new targets,
you can drop it. Nmap internals already do this check, and if you want
to see it just use -d3.


Hey Djalal, I suspected that but forgot to confirm it. Thanks.

You can do this: target.add(unpack(array_of_targets))


Thanks, made the changes.

Please use the second version of the patch [1] and let us know if there
are any bugs, and with that patch you can choose the network interface
to use:
* For prerule scripts: Nmap -e or -S options.
* For hostrule/portrule: just use the host table (host.interface).


e.g: ./nmap -sL --script targets-sniffer.nse --script-args=newtargets -e
eth0


I just applied the patch. I 'll report back once I get some spare time to
make the changes to the script.

Nick

On 22 March 2011 23:32, Djalal Harouni <tixxdz () opendz org> wrote:

On 2011-03-22 11:56:19 -0700, David Fifield wrote:
On Tue, Mar 22, 2011 at 06:44:03PM +0000, Nick Nikolaou wrote:
Hello everyone,

Attached is a draft of a targets-sniffer script. The script sniffs for
a
configured amount of a time and adds addresses from packets it sees in
newtargets. (https://secwiki.org/w/Nmap_Script_Ideas#targets-sniffer)
In your script I see that you have a check for duplicates new targets,
you can drop it. Nmap internals already do this check, and if you want
to see it just use -d3.

You can do this: target.add(unpack(array_of_targets))

*Issues that need to be resolved:*

1) The sniffing interface is hard-coded at the moment. Is there a way
to get
the active interface in a prerule script? Alternatively I could change
the
rule to a hostrule. (and maybe a high enough runlevel to ensure the
script
runs first?)

We don't have a way for scripts to get the list of interfaces, but
Djalal has a patch to do it: http://seclists.org/nmap-dev/2011/q1/291.
It hasn't been added yet because there isn't a script to use it, but you
can make it a part of your patch if it helps.
Please use the second version of the patch [1] and let us know if there
are any bugs, and with that patch you can choose the network interface
to use:
* For prerule scripts: Nmap -e or -S options.
* For hostrule/portrule: just use the host table (host.interface).

e.g: ./nmap -sL --script targets-sniffer.nse --script-args=newtargets -e
eth0

You can also check the type of the interface to report errors ... etc


David just a note:
The get_interface_info() function of the network interfaces patch should
replace the nmap.get_interface_link() function.

[1] http://seclists.org/nmap-dev/2011/q1/734

--
tixxdz
http://opendz.org



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault