Nmap Development mailing list archives

Feature request: scanrule scripts


From: Ron <ron () skullsecurity net>
Date: Sun, 08 Nov 2009 16:11:44 -0600

Hey all,

I've mentioned this before, but I'm starting to accumulate ideas so I
figured I'd officially request it. I talked to Patrick a bit about it
today, and he thinks it wouldn't be too hard to implement.

Basically, I'm requesting something along the lines of Metasploit's
auxiliary modules -- these would be scripts that run once/scan, and
aren't associated with a specific host or port. Here are some uses I can
think of:
- Broadcast NetBIOS queries -- sending NetBIOS queries to
255.255.255.255 and getting responses from the whole subnet
- Broadcast DHCP queries -- sending DHCP requests to 255.255.255.255 and
seeing what responds
- Attack implementations against network infrastructure -- for example,
attempting to overwhelm a switch to see how it behaves
- Sniffer stuff -- sniffing for (x) seconds and identifying, say, URLs
in the sniffed traffic
- Sniffer: identifying network information (CDP or BGP or whatever)
- Running an evil daemon process (for example, a malicious dhcp server
or a malicious NetBIOS server)

The last couple are really out of the scope of Nmap's purpose, but I
think they're interesting, nevertheless. I think the broadcast stuff is
the most important part.

Comments would be appreciated.

Thanks!
Ron

-- 
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
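As an added illustration, not Ron's code and not a script shipped with Nmap: the first use case above written as a once-per-scan NSE script, using the `prerule` hook that NSE later added for exactly this kind of script. It assumes NSE's UDP socket calls (`sendto`, `receive`, `get_info`) and a Lua 5.3 `string.pack`.

```lua
local nmap = require "nmap"
categories = {"broadcast", "discovery", "safe"}
-- Once-per-scan hook: takes no host or port, fires before any host is scanned.
prerule = function() return true end
-- First-level encoding (RFC 1001) of "*" padded to 16 bytes: each byte becomes
-- two letters ('A' + high nibble, 'A' + low nibble), yielding a 32-char label.
local function encode_wildcard()
  return (("*" .. string.rep("\0", 15)):gsub(".", function(c)
    return string.char(65 + (c:byte() >> 4), 65 + (c:byte() & 0x0f))
  end))
end
-- NBSTAT query: 12-byte header (flags 0x0010 = broadcast), one question made of
-- the label length (32), the encoded name, a zero terminator, type NBSTAT, class IN.
local function build_query(txid)
  return string.pack(">I2 I2 I2 I2 I2 I2", txid, 0x0010, 1, 0, 0, 0)
    .. "\32" .. encode_wildcard() .. "\0" .. string.pack(">I2 I2", 0x0021, 0x0001)
end
-- Reply layout: header (12) + answer name (34) + type/class/TTL/RDLENGTH (10) = 56
-- bytes, then NUM_NAMES and 18-byte entries (15-char name, suffix byte, 2 flag bytes).
local function parse_names(data)
  if #data < 57 then return nil end
  local count, pos = string.unpack(">B", data, 57)
  local names, name, suffix, flags = {}
  for _ = 1, count do
    if pos + 17 > #data then break end  -- truncated reply: keep what parsed so far
    name, suffix, flags, pos = string.unpack(">c15 B I2", data, pos)
    names[#names + 1] = string.format("%s<%02x>%s", (name:gsub("%s+$", "")), suffix,
      ((flags & 0x8000) ~= 0) and " (group)" or "")
  end
  return names
end

action = function()
  local socket = nmap.new_socket("udp")
  socket:set_timeout(3000)  -- stop once 3 s pass with no further reply
  local txid = math.random(0, 0xffff)
  if not socket:sendto("255.255.255.255", 137, build_query(txid)) then return nil end
  local results = {}
  while true do
    local ok, data = socket:receive()
    if not ok then break end  -- timeout: every host that will answer has answered
    local _, _, _, rhost = socket:get_info()
    local names = parse_names(data)
    if names and string.unpack(">I2", data) == txid then
      results[#results + 1] = rhost .. ": " .. table.concat(names, ", ")
    end
  end
  socket:close()
  if #results > 0 then return results end
end
```

Replies are matched on the transaction id, so unrelated NetBIOS traffic on the segment is ignored rather than reported.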