From 15a0dc47b0ddc1dd2245ca1ab3e2cd384724c6a4 Mon Sep 17 00:00:00 2001 From: djalal Date: Fri, 10 Sep 2010 01:53:22 +0000 Subject: [PATCH] Added the targets-traceroute script, which inserts traceroute hops onto Nmap scanning queue. --- CHANGELOG | 3 ++ scripts/script.db | 1 + scripts/targets-traceroute.nse | 68 ++++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+) create mode 100644 scripts/targets-traceroute.nse diff --git a/CHANGELOG b/CHANGELOG index 883d9886c..f98060862 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Added the targets-traceroute script, which inserts traceroute + hops onto Nmap scanning queue. [Henri Doreau] + o [NSE] Added the target NSE library to let scripts to add new discovered targets onto Nmap scanning queue. This feature, coupled with the new prerule is well suited for NSE host discovery. [Djalal] diff --git a/scripts/script.db b/scripts/script.db index f4acb7674..c4c61e2f1 100644 --- a/scripts/script.db +++ b/scripts/script.db @@ -140,6 +140,7 @@ Entry { filename = "ssl-cert.nse", categories = { "discovery", "safe", } } Entry { filename = "ssl-enum-ciphers.nse", categories = { "discovery", "intrusive", } } Entry { filename = "sslv2.nse", categories = { "default", "safe", } } Entry { filename = "svn-brute.nse", categories = { "auth", "intrusive", } } +Entry { filename = "targets-traceroute.nse", categories = { "safe", "discovery", } } Entry { filename = "telnet-brute.nse", categories = { "auth", "intrusive", } } Entry { filename = "upnp-info.nse", categories = { "default", "safe", } } Entry { filename = "vnc-brute.nse", categories = { "auth", "intrusive", } } diff --git a/scripts/targets-traceroute.nse b/scripts/targets-traceroute.nse new file mode 100644 index 000000000..d225e1d30 --- /dev/null +++ b/scripts/targets-traceroute.nse 
@@ -0,0 +1,68 @@
+description = [[
+Inserts traceroute hops into the Nmap scanning queue.
+
+The script needs Nmap traceroute option, and will
+only run if the script argument newtargets is given.
+]]
+
+---
+-- @args newtargets If specified, adds traceroute hops onto Nmap
+-- scanning queue.
+--
+-- @usage
+-- nmap --script targets-traceroute --script-args newtargets --traceroute target
+--
+-- @output
+-- Host script results:
+-- |_traceroute-scan-hops: successfully added 5 new targets.
+
+
+-- 09/02/2010
+author = "Henri Doreau"
+
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+
+categories = {"safe", "discovery"}
+
+require("stdnse")
+require("target")
+
+hostrule = function(host)
+ -- print debug messages because the script relies on
+ -- script arguments and traceroute results.
+ if not target.ALLOW_NEW_TARGETS then
+ stdnse.print_debug(3,
+ "Skipping %s script, 'newtargets' script argument is missing.",
+ SCRIPT_NAME)
+ return false
+ end
+ if not host.traceroute then
+ stdnse.print_debug(3,
+ "Skipping %s script because traceroute results are missing.",
+ SCRIPT_NAME)
+ return false
+ end
+ return true
+end
+
+action = function(host)
+ local ntargets = 0
+ for _, hop in ipairs(host.traceroute) do
+ -- avoid timedout hops, marked as empty entries
+ -- do not add the current scanned host.ip
+ if hop.ip and host.ip ~= hop.ip then
+ local status, ret = target.add(hop.ip)
+ if status then
+ ntargets = ntargets + ret
+ stdnse.print_debug(3,
+ "TRACEROUTE Scan Hops: Added new target "..host.ip.." from traceroute results")
+ else
+ stdnse.print_debug(3, "TRACEROUTE Scan Hops: " .. ret)
+ end
+ end
+ end
+
+ if ntargets > 0 then
+ return string.format("successfully added %d new targets.\n", ntargets)
+ end
+end
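Review bot: The debug message in `action` concatenates `host.ip`, the host being scanned, instead of `hop.ip`, the address that `target.add` has just queued, so at debug level 3 every added hop is logged under the same wrong address and the log cannot be used to check which addresses were added to the scan. The line should read `"TRACEROUTE Scan Hops: Added new target "..hop.ip.." from traceroute results")`. The `@output` sample is labelled `traceroute-scan-hops` while the file is added as `targets-traceroute.nse`, so the documented label presumably does not match what the script prints. Every hop whose address differs from the scanned host is queued with no further filtering, which the description could state in one sentence so that operators know the scan can grow beyond the targets given on the command line.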