Home page logo

nmap-dev logo Nmap Development mailing list archives

named probes
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 22 Feb 2011 14:47:53 +0100

Hi all,

I recently mentioned an idea, in one of many mssql mails, about implementing named probes.
I'm starting a new thread regarding this idea incase someone missed it in between all the mssql stuff.

What I would like to achieve is to address the problem that the "force patch" attempts to solve, but in a slightly 
different way.
By adding support for running one or more probes by name, one could target a number of ports and only run the probes 
specified on the command line in order to do a very quick fingerprint.
Instead of forcing scripts to run against each open port, the scripts would only run if the services were properly 
detected as the targeted ones.

The following example attempts to detect ms-sql or oracle servers running in the following port spans 1433-1500 and 
Once detected the correct brute script will be launched against the service.
nmap -sV -p 1433-1500,1521-1600 --probes ms-sql-s,oracle-tns --script oracle-brute,ms-sql-brute

The following example attempts to fingerprint any http-servers running on the ports 80,443 or 8080, 8443.
For each detected http-server the http-title script is executed
nmap -sV -p 80,443,8080,8433 --probes GetRequest --script http-title

Patrik Karlsson

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
  • named probes Patrik Karlsson (Feb 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]