Nmap Development mailing list archives

Bug in NSE core, I think


From: Ron <ron () skullsecurity net>
Date: Tue, 25 Aug 2009 19:19:54 -0500

I believe I found a bug in the NSE core. It comes up when scanning multiple hosts on the same IP address. For example, here is the script running against multiple sites hosted on my IP address:

--
$ ./nmap --script=test.nse -p80 www.javaop.com www.skullsecurity.org test.skullsecurity.org www.x86labs.org forum.x86labs.org

Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-08-25 19:16 CDT
NSE: Script Scanning completed.
Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http

Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http

Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http

Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http

Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http
|_ test: 208.81.2.52 (www.skullsecurity.org)
|_ test: 208.81.2.52 (www.javaop.com)
|_ test: 208.81.2.52 (www.x86labs.org)
|_ test: 208.81.2.52 (test.skullsecurity.org)
|_ test: 208.81.2.52 (forum.x86labs.org)


Nmap done: 5 IP addresses (5 hosts up) scanned in 2.14 seconds
--

Notice that the script ran 5 times for one host, instead of once each.

I understand that normally, this behaviour isn't a big deal. But, when scanning Web sites, it's quite plausible that you'll be scanning the same host like this.

I've attached the script that I used to replicate this, though it doesn't really do that much.

Thanks!
Ron

--
Ron Bowes
http://www.skullsecurity.org/

Attachment: test.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
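
The symptom reported above can be checked mechanically. The following is an added example, not part of the original post or of Nmap: it parses the normal-output format quoted in the message and reports repeated host headers, requested names that never got their own report block, and script results filed under a different name. The function name `audit` and the result-line pattern (`script: ip (name)`, as printed by the poster's test script) are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, trimmed to the output format quoted in the post.
SAMPLE = """\
Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http

Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http
|_ test: 208.81.2.52 (www.skullsecurity.org)
|_ test: 208.81.2.52 (test.skullsecurity.org)
"""

HEADER = re.compile(r"^Interesting ports on (\S+) \(([\d.]+)\):$")
# Assumed script output shape: "|_ <script>: <ip> (<name the script saw>)"
RESULT = re.compile(r"^\|_? ([^:\s]+): \S+ \(([^)\s]+)\)$")

def audit(output, requested):
    """Return (duplicate_headers, missing_targets, misattributed_results)."""
    headers = Counter()          # report-block hostname -> times it was printed
    results = defaultdict(list)  # report-block hostname -> names the script ran against
    current = None
    for line in output.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            headers[current] += 1
            continue
        m = RESULT.match(line)
        if m and current:
            results[current].append(m.group(2))
    duplicates = {h: n for h, n in headers.items() if n > 1}
    missing = sorted(set(requested) - set(headers))
    misattributed = {h: sorted(set(names) - {h})
                     for h, names in results.items() if set(names) - {h}}
    return duplicates, missing, misattributed
```

A correct run returns three empty containers; any non-empty value means results for virtual hosts sharing an address cannot be trusted to belong to the block they appear under.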
