mailing list archives
Re: [NSE] New script reverse-index
From: David Fifield <david () bamsoftware com>
Date: Sun, 27 Nov 2011 14:40:05 -0800
On Wed, Nov 23, 2011 at 05:19:37PM +0100, Patrik Karlsson wrote:
On Wed, Nov 23, 2011 at 1:36 AM, David Fifield <david () bamsoftware com>wrote:
On Tue, Nov 22, 2011 at 09:17:31PM +0100, Patrik Karlsson wrote:
Here's an attempt on creating the reverse-index script which is in the
high-priority list of the secwiki.
The script runs both as a hostrule, collecting port information for each
host and storing it in the registry, and as a portrule building the
based on the collected port data.
-- | tcp
-- | 22: 192.168.0.60
-- | 23: 192.168.0.100
-- | udp
-- |_ 5353: 192.168.0.102, 192.168.0.1, 192.168.0.60
I would prefer output like this:
-- | tcp/22: 192.168.0.60
-- | tcp/23: 192.168.0.100
-- | udp/5353: 192.168.0.102, 192.168.0.1, 192.168.0.60
I wasn't sure how and if it's possible to create it as a postrule only
script as the secwiki documentation suggests.
No, I don't think so. You found a nice solution.
Anyway, please let me know if it turned out as expected and whether it
should go into any other categories than safe, so that it can be
Looks good. Great job!
While trying to address this I noticed something weird.
If I do the following:
port = nmap.get_ports(host, port, "tcp", "closed")
I get ALL ports regardless of their protocol or state. Is this really
According to my interpretation of the documentation I should only get
closed tcp ports, right?
Any ideas on what I need to do to fix this?
I can't reproduce this. I attached a script that has your example code.
My output is:
$ ./nmap --script=get-ports --top-ports 10 scanme.nmap.org -d
PORT STATE SERVICE REASON
21/tcp closed ftp conn-refused
22/tcp open ssh syn-ack
23/tcp closed telnet conn-refused
25/tcp closed smtp conn-refused
80/tcp open http syn-ack
110/tcp closed pop3 conn-refused
139/tcp closed netbios-ssn conn-refused
443/tcp closed https conn-refused
445/tcp closed microsoft-ds conn-refused
3389/tcp closed ms-term-serv conn-refused
Host script results:
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/