Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] New script reverse-index
From: David Fifield <david () bamsoftware com>
Date: Sun, 27 Nov 2011 14:40:05 -0800

On Wed, Nov 23, 2011 at 05:19:37PM +0100, Patrik Karlsson wrote:
On Wed, Nov 23, 2011 at 1:36 AM, David Fifield <david () bamsoftware com>wrote:

On Tue, Nov 22, 2011 at 09:17:31PM +0100, Patrik Karlsson wrote:
Hi,

Here's an attempt on creating the reverse-index script which is in the
high-priority list of the secwiki.
The script runs both as a hostrule, collecting port information for each
host and storing it in the registry, and as a portrule building the
output
based on the collected port data.

-- |   tcp
-- |     22: 192.168.0.60
-- |     23: 192.168.0.100
-- |   udp
-- |_    5353: 192.168.0.102, 192.168.0.1, 192.168.0.60

I would prefer output like this:

-- |   tcp/22: 192.168.0.60
-- |   tcp/23: 192.168.0.100
-- |   udp/5353: 192.168.0.102, 192.168.0.1, 192.168.0.60

I wasn't sure how and if it's possible to create it as a postrule only
script as the secwiki documentation suggests.

No, I don't think so. You found a nice solution.

Anyway, please let me know if it turned out as expected and whether it
should go into any other categories than safe, so that it can be
committed.

Looks good. Great job!

While trying to address this I noticed something weird.
If I do the following:

repeat
  port = nmap.get_ports(host, port, "tcp", "closed")
until(not(port))

I get ALL ports regardless of their protocol or state. Is this really
intended behavior.
According to my interpretation of the documentation I should only get
closed tcp ports, right?
Any ideas on what I need to do to fix this?

I can't reproduce this. I attached a script that has your example code.
My output is:

$ ./nmap --script=get-ports --top-ports 10 scanme.nmap.org -d

PORT     STATE  SERVICE      REASON
21/tcp   closed ftp          conn-refused
22/tcp   open   ssh          syn-ack
23/tcp   closed telnet       conn-refused
25/tcp   closed smtp         conn-refused
80/tcp   open   http         syn-ack
110/tcp  closed pop3         conn-refused
139/tcp  closed netbios-ssn  conn-refused
443/tcp  closed https        conn-refused
445/tcp  closed microsoft-ds conn-refused
3389/tcp closed ms-term-serv conn-refused

Host script results:
| get-ports:
|   open
|     22
|     80
|   closed
|     21
|     23
|     25
|     110
|     139
|     443
|     445
|_    3389

David Fifield

Attachment: get-ports.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]