Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Draft - targets-sniffer.nse
From: Abuse007 <abuse007 () gmail com>
Date: Wed, 30 Mar 2011 21:20:26 +1100

Don't default to filtering for ip, you will miss ARPs, IPv6 and any other non-IP packets that leak IP addresses. 
Default should be no filter IMO.

On 30/03/2011, at 9:41 AM, Djalal Harouni <tixxdz () opendz org> wrote:

On 2011-03-28 18:41:43 +0100, Nick Nikolaou wrote:
Good idea, thanks.

I made all the changes.
Thanks again for your help.
target.add() will return some info, you can use it to print how many
targets where added.

Since this kind of scripts can be very powerful, here are more ideas:

* Add a new argument targets-sniffer.bpf: a Berkeley Packet Filter
 expression, which will be passed to pcap_open(), this way users
 can choose their targets, if this argument is not present then default
 to "ip".

* If the 'newtargets' argument is not specified, then the script should
 print some info taken from the captured packets.

* Perhaps we should add a regular expression to search in packets, or
 turn this script in a fully capable ngrep [1]. This can be useful like
 sniff some clear text protocols, find some useful strings and pass them
 to the brute force scripts. I think that we can find different
 scenarios, not just strings but even protocols and their _fields_.
 There are some machines which like to share their OS type, version ...
 when broadcasting, and this data can be very helpful to Nmap, to sum
 it up: consider the old passive techniques.

* Turn Nmap into Vi or Emacs ...

[1] http://ngrep.sourceforge.net/

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault