mailing list archives
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 22 Feb 2011 14:47:53 +0100
I recently mentioned an idea, in one of many mssql mails, about implementing named probes.
I'm starting a new thread regarding this idea incase someone missed it in between all the mssql stuff.
What I would like to achieve is to address the problem that the "force patch" attempts to solve, but in a slightly
By adding support for running one or more probes by name, one could target a number of ports and only run the probes
specified on the command line in order to do a very quick fingerprint.
Instead of forcing scripts to run against each open port, the scripts would only run if the services were properly
detected as the targeted ones.
The following example attempts to detect ms-sql or oracle servers running in the following port spans 1433-1500 and
Once detected the correct brute script will be launched against the service.
nmap -sV -p 1433-1500,1521-1600 220.127.116.11 --probes ms-sql-s,oracle-tns --script oracle-brute,ms-sql-brute
The following example attempts to fingerprint any http-servers running on the ports 80,443 or 8080, 8443.
For each detected http-server the http-title script is executed
nmap -sV -p 80,443,8080,8433 --probes GetRequest --script http-title
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
- named probes Patrik Karlsson (Feb 22)