Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Draft - targets-sniffer.nse
From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 23 Mar 2011 00:32:51 +0100

On 2011-03-22 11:56:19 -0700, David Fifield wrote:
On Tue, Mar 22, 2011 at 06:44:03PM +0000, Nick Nikolaou wrote:
Hello everyone,

Attached is a draft of a targets-sniffer script. The script sniffs for a
configured amount of a time and adds addresses from packets it sees in
newtargets. (https://secwiki.org/w/Nmap_Script_Ideas#targets-sniffer)
In your script I see that you have a check for duplicates new targets,
you can drop it. Nmap internals already do this check, and if you want
to see it just use -d3.

You can do this: target.add(unpack(array_of_targets))

*Issues that need to be resolved:*

1) The sniffing interface is hard-coded at the moment. Is there a way to get
the active interface in a prerule script? Alternatively I could change the
rule to a hostrule. (and maybe a high enough runlevel to ensure the script
runs first?)

We don't have a way for scripts to get the list of interfaces, but
Djalal has a patch to do it: http://seclists.org/nmap-dev/2011/q1/291.
It hasn't been added yet because there isn't a script to use it, but you
can make it a part of your patch if it helps.
Please use the second version of the patch [1] and let us know if there
are any bugs, and with that patch you can choose the network interface
to use:
* For prerule scripts: Nmap -e or -S options.
* For hostrule/portrule: just use the host table (host.interface).

e.g: ./nmap -sL --script targets-sniffer.nse --script-args=newtargets -e eth0

You can also check the type of the interface to report errors ... etc

David just a note:
The get_interface_info() function of the network interfaces patch should
replace the nmap.get_interface_link() function.

[1] http://seclists.org/nmap-dev/2011/q1/734

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]