Nmap Development mailing list archives

[RFC][NSE] FTP bounce scan implemented as NSE script
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 11 Feb 2014 14:46:24 -0600


FTP bounce scans are ancient, but Nmap remains one of the tools that
is used to perform them. I recently refactored the FTP bounce scan
code out of the rest of Nmap's files into nmap_ftp.{h,cc}, with the
goal of replacing it with an NSE script.

The attached script is my attempt to clone the logic in nmap_ftp.cc. I
have run it against scanme.nmap.org via several servers on the
Internet, and the results are inconclusive: No server gives a
completely accurate scan. I have also failed to set up a vulnerable
FTP server, since pretty much every ftpd will now refuse PORT commands
with third-party IP addresses.

I need testers, and I need eyes on this code. I suspect that it could
be made cleaner, and I think there is room for accuracy improvement,
but I don't have a good test environment to be sure.



Attachment: ftp-bounce-scan.nse

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
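
The message above notes that current FTP daemons refuse PORT commands naming a third-party IP address. The following is an added example of that server-side check, not part of the original post, of Nmap, or of any particular ftpd; the function and verdict names are hypothetical, the addresses are constructed documentation-range samples, and the low-port rejection is a further common hardening step the post does not mention.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict names are hypothetical, not taken from any real ftpd. */
enum port_verdict { PORT_OK, PORT_MALFORMED, PORT_THIRD_PARTY, PORT_PRIVILEGED };

/* Strictly parse "h1,h2,h3,h4,p1,p2": six decimal fields, each 0..255. */
static int parse_fields(const char *s, unsigned int f[6])
{
    for (int i = 0; i < 6; i++) {
        int digits = 0;
        f[i] = 0;
        while (*s >= '0' && *s <= '9' && digits < 3) {
            f[i] = f[i] * 10 + (unsigned int)(*s++ - '0');
            digits++;
        }
        if (digits == 0 || f[i] > 255)
            return -1;
        if (*s++ != (i < 5 ? ',' : '\0'))  /* separator, or end after p2 */
            return -1;
    }
    return 0;
}

/* arg: PORT argument with CRLF stripped; peer_ip: control-connection client. */
enum port_verdict check_port_arg(const char *arg, const char *peer_ip,
                                 uint16_t *port_out)
{
    unsigned int f[6];
    struct in_addr peer;

    if (parse_fields(arg, f) != 0 || inet_pton(AF_INET, peer_ip, &peer) != 1)
        return PORT_MALFORMED;
    uint32_t requested = (f[0] << 24) | (f[1] << 16) | (f[2] << 8) | f[3];
    if (requested != ntohl(peer.s_addr))
        return PORT_THIRD_PARTY;   /* the refusal the post describes */
    *port_out = (uint16_t)(f[4] * 256 + f[5]);
    if (*port_out < 1024)
        return PORT_PRIVILEGED;    /* extra hardening, not from the post */
    return PORT_OK;
}

int main(void)
{
    uint16_t port = 0;
    /* Constructed sample: client 192.0.2.10 names 198.51.100.7 port 80. */
    printf("%d\n", check_port_arg("198,51,100,7,0,80", "192.0.2.10", &port));
    return 0;
}
```

A server applying this check answers the PORT command with an error reply instead of opening the data connection whenever the verdict is not `PORT_OK`.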
