mailing list archives
Re: [NSE] Draft - targets-sniffer.nse
From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 23 Mar 2011 00:32:51 +0100
On 2011-03-22 11:56:19 -0700, David Fifield wrote:
On Tue, Mar 22, 2011 at 06:44:03PM +0000, Nick Nikolaou wrote:
Attached is a draft of a targets-sniffer script. The script sniffs for a
configured amount of a time and adds addresses from packets it sees in
In your script I see that you have a check for duplicates new targets,
you can drop it. Nmap internals already do this check, and if you want
to see it just use -d3.
You can do this: target.add(unpack(array_of_targets))
*Issues that need to be resolved:*
1) The sniffing interface is hard-coded at the moment. Is there a way to get
the active interface in a prerule script? Alternatively I could change the
rule to a hostrule. (and maybe a high enough runlevel to ensure the script
We don't have a way for scripts to get the list of interfaces, but
Djalal has a patch to do it: http://seclists.org/nmap-dev/2011/q1/291.
It hasn't been added yet because there isn't a script to use it, but you
can make it a part of your patch if it helps.
Please use the second version of the patch  and let us know if there
are any bugs, and with that patch you can choose the network interface
* For prerule scripts: Nmap -e or -S options.
* For hostrule/portrule: just use the host table (host.interface).
e.g: ./nmap -sL --script targets-sniffer.nse --script-args=newtargets -e eth0
You can also check the type of the interface to report errors ... etc
David just a note:
The get_interface_info() function of the network interfaces patch should
replace the nmap.get_interface_link() function.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/