diff --git a/CHANGELOG b/CHANGELOG
index 883d9886c..f98060862 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*-
+o [NSE] Added the targets-traceroute script, which inserts traceroute
+ hops onto Nmap scanning queue. [Henri Doreau]
+
o [NSE] Added the target NSE library to let scripts to add new
discovered targets onto Nmap scanning queue. This feature, coupled
with the new prerule is well suited for NSE host discovery. [Djalal]
diff --git a/scripts/script.db b/scripts/script.db
index f4acb7674..c4c61e2f1 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -140,6 +140,7 @@ Entry { filename = "ssl-cert.nse", categories = { "discovery", "safe", } }
Entry { filename = "ssl-enum-ciphers.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "sslv2.nse", categories = { "default", "safe", } }
Entry { filename = "svn-brute.nse", categories = { "auth", "intrusive", } }
+Entry { filename = "targets-traceroute.nse", categories = { "safe", "discovery", } }
Entry { filename = "telnet-brute.nse", categories = { "auth", "intrusive", } }
Entry { filename = "upnp-info.nse", categories = { "default", "safe", } }
Entry { filename = "vnc-brute.nse", categories = { "auth", "intrusive", } }
diff --git a/scripts/targets-traceroute.nse b/scripts/targets-traceroute.nse
new file mode 100644
index 000000000..d225e1d30
--- /dev/null
+++ b/scripts/targets-traceroute.nse
@@ -0,0 +1,68 @@
+description = [[
+Inserts traceroute hops into the Nmap scanning queue.
+
+The script needs Nmap traceroute option, and will
+only run if the script argument newtargets is given.
+]]
+
+---
+-- @args newtargets If specified, adds traceroute hops onto Nmap
+-- scanning queue.
+--
+-- @usage
+-- nmap --script targets-traceroute --script-args newtargets --traceroute target
+--
+-- @output
+-- Host script results:
+-- |_traceroute-scan-hops: successfully added 5 new targets.
+
+
+-- 09/02/2010
+author = "Henri Doreau"
+
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+
+categories = {"safe", "discovery"}
+
+require("stdnse")
+require("target")
+
+hostrule = function(host)
+ -- print debug messages because the script relies on
+ -- script arguments and traceroute results.
+ if not target.ALLOW_NEW_TARGETS then
+ stdnse.print_debug(3,
+ "Skipping %s script, 'newtargets' script argument is missing.",
+ SCRIPT_NAME)
+ return false
+ end
+ if not host.traceroute then
+ stdnse.print_debug(3,
+ "Skipping %s script because traceroute results are missing.",
+ SCRIPT_NAME)
+ return false
+ end
+ return true
+end
+
+action = function(host)
+ local ntargets = 0
+ for _, hop in ipairs(host.traceroute) do
+ -- avoid timedout hops, marked as empty entries
+ -- do not add the current scanned host.ip
+ if hop.ip and host.ip ~= hop.ip then
+ local status, ret = target.add(hop.ip)
+ if status then
+ ntargets = ntargets + ret
+ stdnse.print_debug(3,
+ "TRACEROUTE Scan Hops: Added new target "..host.ip.." from traceroute results")
+ else
+ stdnse.print_debug(3, "TRACEROUTE Scan Hops: " .. ret)
+ end
+ end
+ end
+
+ if ntargets > 0 then
+ return string.format("successfully added %d new targets.\n", ntargets)
+ end
+end
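Review bot: The success branch in `action` logs `host.ip` where it should log `hop.ip`, so at debug level 3 every queued hop is reported as the scanned host itself and the log cannot be used to audit which addresses were actually added; the line should read `"TRACEROUTE Scan Hops: Added new target "..hop.ip.." from traceroute results")`. The `@output` sample names the script `traceroute-scan-hops`, while the file and the script.db entry call it `targets-traceroute`, so the example should be `-- |_targets-traceroute: successfully added 5 new targets.`. The description would also benefit from one sentence stating that traceroute hops are intermediate routers that may lie outside the address range given on the command line, so enabling `newtargets` widens the scan scope beyond the listed targets.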