Nmap Development mailing list archives

Re: nmaprc.lua?


From: Patrick Donnelly <batrick () batbytes com>
Date: Wed, 15 May 2013 18:23:06 -0400

Hi Jacek,

On Sun, May 12, 2013 at 1:29 PM, Jacek Wielemborek
<wielemborekj1 () gmail com> wrote:
> While reading Fyodor's book „Nmap Network Discovery”, it struck me
> how much Nmap turns on by default when I just type in „nmap
> example.org”. There are host discovery defaults, reverse scanning
> features, determining scan type based on whether the user is root or
> not... I have to admit I didn't know of most of the nmap features prior
> to reading the book.
>
> Now that I know them, I thought it over and figured that some of the
> nmap users could prefer to alter the defaults, so that a bare nmap
> command with just the host specification and no additional switches
> would, for example, keep scanning the top 10 ports instead of
> 1000 of them, or disable default reverse DNS queries. I can imagine
> quite a few use cases for this feature.
>
> While using Zenmap, I had the feeling that the „profiles” feature fits
> nicely into the CLI nmap binary. With nmaprc.lua you could define an
> associative array called „profiles” which would contain the presets.
> This way, without typing a command a few lines long, one could run
> „nmap --profile=stealthy example.org”.
>
> Of course, while implementing this feature, it is important to
> keep security in mind. Since quite a lot of folks run nmap from the
> root account, as bonsaiviking pointed out on the IRC, the nmaprc.lua
> has to be implemented in a way that prevents arbitrary command
> execution. It might be a good idea to ignore the file altogether if
> anybody but its owner can write to it.
>
> Using Lua for this project would make this feature open for interesting
> use cases – for example, somebody could with hardly any effort make
> his nmap warn him about scanning the company's internal network
> during working hours and automatically switch to a „light-traffic”
> profile. I believe this could be an interesting project.

It's certainly interesting. I would like to see something like this personally.

It would actually be great if Nmap were driven more via a scripting
language (like Lua) but that would require a major overhaul.

As for arbitrary command execution for Nmap run as root, that's
already trivial. [Don't use Nmap with setuid root!] I don't think that
should be a consideration for something like an nmaprc.lua file.

--
- Patrick Donnelly
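The ownership and permission check Jacek proposes for nmaprc.lua, combined with expanding a --profile=NAME option into the preset's arguments, as an added Python example that is not Nmap's code. It assumes the profiles are stored as JSON rather than Lua so it runs without a Lua interpreter, and that the rc path is passed in by the caller.

```python
import json
import os
import stat
import tempfile

# Constructed sample rc content (assumption: a JSON "profiles" table
# standing in for the Lua associative array proposed in the thread).
SAMPLE_RC = json.dumps({"profiles": {
    "stealthy": ["-sS", "-T2", "--top-ports", "10", "-n"],
    "light-traffic": ["--top-ports", "10", "-n", "-Pn"],
}})

def rc_is_trusted(st):
    """Trust the rc file only if it is a regular file, owned by the
    current user, and writable by nobody else (the thread's condition)."""
    if not stat.S_ISREG(st.st_mode):
        return False
    if st.st_uid != os.geteuid():
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def load_profiles(path):
    """Return the profiles table, or {} if the file is missing or untrusted."""
    try:
        # O_NOFOLLOW refuses a symlink planted at the rc path.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        return {}
    with os.fdopen(fd) as fh:
        # fstat the already-open descriptor: no check-then-open race.
        if not rc_is_trusted(os.fstat(fh.fileno())):
            return {}
        return json.load(fh).get("profiles", {})

def expand_args(argv, profiles):
    """Replace each --profile=NAME with that preset's arguments."""
    out = []
    for arg in argv:
        if arg.startswith("--profile="):
            name = arg.split("=", 1)[1]
            if name not in profiles:
                raise ValueError("unknown profile: " + name)
            out.extend(profiles[name])
        else:
            out.append(arg)
    return out

def demo(mode):
    """Write SAMPLE_RC with the given mode; return the expanded argv, or
    None when the rc was ignored and the profile is therefore unknown."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_RC)
    os.chmod(path, mode)
    try:
        return expand_args(["--profile=stealthy", "example.org"], load_profiles(path))
    except ValueError:
        return None
    finally:
        os.unlink(path)
```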
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
