Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] New script reverse-index
From: David Fifield <david () bamsoftware com>
Date: Sun, 27 Nov 2011 15:13:33 -0800

On Thu, Nov 24, 2011 at 12:46:48AM +0100, Patrik Karlsson wrote:
On Wed, Nov 23, 2011 at 11:35 PM, Patrik Karlsson <patrik () cqure net> wrote:

On Wed, Nov 23, 2011 at 5:19 PM, Patrik Karlsson <patrik () cqure net> wrote:

On Wed, Nov 23, 2011 at 1:36 AM, David Fifield <david () bamsoftware com>wrote:

On Tue, Nov 22, 2011 at 09:17:31PM +0100, Patrik Karlsson wrote:

Here's an attempt on creating the reverse-index script which is in the
high-priority list of the secwiki.
The script runs both as a hostrule, collecting port information for
host and storing it in the registry, and as a portrule building the
based on the collected port data.

-- |   tcp
-- |     22:
-- |     23:
-- |   udp
-- |_    5353:,,

I would prefer output like this:

-- |   tcp/22:
-- |   tcp/23:
-- |   udp/5353:,,

I wasn't sure how and if it's possible to create it as a postrule only
script as the secwiki documentation suggests.

No, I don't think so. You found a nice solution.

Anyway, please let me know if it turned out as expected and whether it
should go into any other categories than safe, so that it can be

Looks good. Great job!

David Fifield

While trying to address this I noticed something weird.
If I do the following:

  port = nmap.get_ports(host, port, "tcp", "closed")

I get ALL ports regardless of their protocol or state. Is this really
intended behavior.
According to my interpretation of the documentation I should only get
closed tcp ports, right?
Any ideas on what I need to do to fix this?

I'm hoping this patch solves the problem and returns the correct ports
matching both protocol and state.
Could someone take a look at it and see if it looks correct before I
commit it?

Here's a revised version of the script with the changes to formatting.
It needs the previous patch to nse_nmaplib.cc to return the proper results.

I got the output backwards--it should be 22/tcp not tcp/22. Other than
that you're good to go.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]