Hey all,
I've mentioned this before, but I'm starting to accumulate ideas so I
figured I'd officially request it. I talked to Patrick a bit about it
today, and he thinks it wouldn't be too hard to implement.
Basically, I'm requesting something along the lines of Metasploit's
auxiliary modules -- these would be scripts that run once per scan, and
aren't associated with a specific host or port. Here are some uses I can
think of:
- Broadcast NetBIOS queries -- sending NetBIOS queries to
255.255.255.255 and getting responses from the whole subnet
- Broadcast DHCP queries -- sending DHCP requests to 255.255.255.255 and
seeing what responds
- Attack implementations against network infrastructure -- for example,
attempting to overwhelm a switch to see how it behaves
- Sniffer stuff -- sniffing for (x) seconds and identifying, say, URLs
in the sniffed traffic
- Sniffer: identifying network information (CDP or BGP or whatever)
- Running an evil daemon process (for example, a malicious DHCP server
or a malicious NetBIOS server)
The last couple are really out of the scope of Nmap's purpose, but I
think they're interesting, nevertheless. I think the broadcast stuff is
the most important part.
Comments would be appreciated.
Thanks!
Ron
--
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
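To make the first use case concrete, here is an added example (not part of Ron's post and not Nmap/NSE code; plain Python rather than NSE Lua so it runs stand-alone) of a broadcast NetBIOS Name Service query: it builds an RFC 1002 NAME QUERY REQUEST with the broadcast (B) flag set, sends it to 255.255.255.255 on UDP/137, and parses every POSITIVE NAME QUERY RESPONSE that comes back from the subnet. The queried name `WORKGROUP<1d>` (the master browser suffix) is an assumption for illustration, and `sample_response()` is a constructed packet, not captured traffic.

```python
import random
import socket
import struct

NBNS_PORT = 137
BROADCAST_ADDR = "255.255.255.255"  # limited broadcast, as in the original post

# QTYPE values from RFC 1002
QTYPE_NB = 0x0020      # general name service RR
QCLASS_IN = 0x0001


def encode_netbios_name(name, suffix=0x00):
    """RFC 1001 section 14 first-level encoding: pad the name to 15 bytes,
    append the one-byte suffix (name type), then split every byte into two
    nibbles and add each to ord('A'). Result: one 32-byte label + root label."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    # The wildcard '*' used by node-status requests is NUL padded; others use spaces.
    pad = b"\x00" if raw == b"*" else b" "
    raw = raw.ljust(15, pad) + bytes([suffix & 0xFF])
    encoded = bytearray()
    for b in raw:
        encoded.append(0x41 + (b >> 4))
        encoded.append(0x41 + (b & 0x0F))
    return bytes([32]) + bytes(encoded) + b"\x00"


def decode_netbios_name(label):
    """Inverse of encode_netbios_name(); returns (name, suffix)."""
    if len(label) != 34 or label[0] != 32 or label[33] != 0:
        raise ValueError("not a 34-byte encoded NetBIOS name")
    raw = bytes(((label[1 + 2 * i] - 0x41) << 4) | (label[2 + 2 * i] - 0x41)
                for i in range(16))
    return raw[:15].rstrip(b" \x00").decode("ascii"), raw[15]


def build_name_query(name, suffix=0x00, txid=None):
    """NAME QUERY REQUEST (RFC 1002 4.2.12). Flags 0x0110 = OPCODE query,
    RD (recursion desired) and B (broadcast) set, which is what a B-node
    sends when it resolves a name on the local subnet."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack(">HHHHHH", txid, 0x0110, 1, 0, 0, 0)  # QDCOUNT=1
    question = encode_netbios_name(name, suffix) + struct.pack(">HH", QTYPE_NB, QCLASS_IN)
    return header + question


def parse_name_query_response(data):
    """Parse a POSITIVE NAME QUERY RESPONSE (RFC 1002 4.2.13).
    Returns (txid, name, suffix, [(is_group, owner_node_type, ip), ...])."""
    if len(data) < 12:
        raise ValueError("truncated NBNS header")
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError("negative response, RCODE=%d" % (flags & 0x000F))
    if ancount < 1:
        raise ValueError("no answer records")
    off = 12 + qdcount * (34 + 4)  # skip any echoed question section
    if data[off] & 0xC0 == 0xC0:   # DNS-style compression pointer to the name
        ptr = struct.unpack(">H", data[off:off + 2])[0] & 0x3FFF
        name, suffix = decode_netbios_name(data[ptr:ptr + 34])
        off += 2
    else:
        name, suffix = decode_netbios_name(data[off:off + 34])
        off += 34
    rr_type, _, _, rdlength = struct.unpack(">HHIH", data[off:off + 10])
    off += 10
    if rr_type != QTYPE_NB:
        raise ValueError("unexpected RR type 0x%04x" % rr_type)
    rdata = data[off:off + rdlength]
    if len(rdata) != rdlength or rdlength % 6:
        raise ValueError("bad RDATA length")
    entries = []
    for i in range(0, rdlength, 6):           # each entry: NB_FLAGS(2) + NB_ADDRESS(4)
        nb_flags = struct.unpack(">H", rdata[i:i + 2])[0]
        is_group = bool(nb_flags & 0x8000)    # G bit
        node_type = (nb_flags >> 13) & 0x3    # ONT: 0=B, 1=P, 2=M node
        entries.append((is_group, node_type, socket.inet_ntoa(rdata[i + 2:i + 6])))
    return txid, name, suffix, entries


def broadcast_query(name, suffix=0x00, timeout=2.0):
    """Send one broadcast query and collect replies from the whole subnet
    until `timeout` seconds pass with no traffic. Needs network access."""
    query = build_name_query(name, suffix)
    txid = struct.unpack(">H", query[:2])[0]
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    sock.settimeout(timeout)
    results = []
    try:
        sock.sendto(query, (BROADCAST_ADDR, NBNS_PORT))
        while True:
            data, (src, _) = sock.recvfrom(4096)
            try:
                rtxid, rname, rsuffix, entries = parse_name_query_response(data)
            except (ValueError, IndexError, struct.error):
                continue                      # malformed or negative reply
            if rtxid != txid:
                continue                      # reply to someone else's query
            results.append((src, rname, rsuffix, entries))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return results


def sample_response():
    """Constructed (not captured) positive response: host 192.168.1.10 owns
    the unique B-node name WORKGROUP<1d>, answering transaction 0x1234."""
    header = struct.pack(">HHHHHH", 0x1234, 0x8500, 0, 1, 0, 0)  # R, AA, RD set
    rr = (encode_netbios_name("WORKGROUP", 0x1D)
          + struct.pack(">HHIH", QTYPE_NB, QCLASS_IN, 300000, 6)
          + struct.pack(">H", 0x0000) + socket.inet_aton("192.168.1.10"))
    return header + rr


if __name__ == "__main__":
    for src, name, suffix, entries in broadcast_query("WORKGROUP", 0x1D):
        print("%s answered for %s<%02x>: %s" % (src, name, suffix, entries))
```

Two practical caveats: the reply comes from the host's unicast address, so the sender IP rather than the query name is what identifies a live machine; and hosts with NetBIOS over TCP/IP disabled or UDP/137 filtered will stay silent, so no reply is not proof of an empty subnet.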