DefCon: Nmap Scripting Engine Q&A
By Fyodor and David Fifield
After the presentation I joined Fyodor and David in the Q&A room to talk further about the Nmap NSE session. Here are some of the questions and answers…
Is there anything like XML output to glue the output of the scripts together? Script output is included in the normal XML output, but it is not yet in any structured format. The cool guys from the nmap project have not yet figured out how to do that.
Will the password cracking capabilities in nmap make stuff like John the Ripper obsolete? The password cracking functionality demoed is not a replacement for John the Ripper, but work is in progress to make the capabilities of nmap better, especially on the ncrack project, which will release RDP password cracking in the next few days.
Is there a way to run scripts with a declared dependency so one script runs and then the other script runs based on the results? This is fully supported.
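As an added illustration of the dependency mechanism referred to in that answer (example code written for this write-up, not the speakers' or the Nmap project's own script): a consumer NSE script declares `dependencies` so that a prerequisite script runs first, then reads what that script left in the shared `nmap.registry` table. The producer script name `banner-collect` and the registry layout it is assumed to write are assumptions.

```lua
-- Added example, not from the talk or the Nmap project. A consumer NSE script
-- that depends on a hypothetical producer script "banner-collect" (assumed
-- name) and reports what that script stored in nmap.registry for this port.
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Reports the banner that a prerequisite script recorded for this port.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- NSE orders execution so that every script named here runs before this one
-- against the same target. Listing a script does not select it: it must still
-- be chosen with --script (dependencies control ordering, not loading).
dependencies = {"banner-collect"}

portrule = shortport.port_or_service({80, 443}, {"http", "https"})

action = function(host, port)
  -- Assumed layout written by the producer:
  --   nmap.registry["banner-collect"][host.ip][port.number] = banner
  local reg = nmap.registry["banner-collect"]
  local banner = reg and reg[host.ip] and reg[host.ip][port.number]
  if not banner then
    -- Prerequisite did not run (not selected) or recorded nothing: stay
    -- silent rather than report a result built on missing data.
    return nil
  end
  local out = stdnse.output_table()
  out.banner = banner
  out.source = "banner-collect"
  return out
end
```

Because the registry is shared by every script in a run, check that the expected key exists before trusting it, as the `if not banner` branch does here.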
Why Lua over other languages? It was a fight over the Scheme language or another language. In the end we settled on Lua. Perl and Python were too big to ship with nmap. Lua really fit what we needed and wasn’t too big.
Is nmap turning into the new Nessus? Well, it could, but it will never include all scripts to find all vulnerabilities. Each product has its own use, but nmap is getting nearer and nearer to becoming a vulnerability scanner. Conficker is a great example of that: nmap was the first scanner that was able to remotely detect Conficker-infected machines.
Are there plans to include hping functionality in nmap? Yes, there is nping, which has similar functionality and more.
Is there raw packet functionality in NSE? There are packet creation functions in the Lua libraries, and there is an interface to pcap as well.
David asked the audience to submit their scripts so they can be shared with others.
How can you make a living with Nmap? We get a little money for licensing nmap to people who want to include nmap in their closed source programs, but we cannot support a big company from this revenue. Web advertisement and the income from Fyodor's book help as well, as do donations. Google Summer of Code has helped big time as well; it enables us to tap into programmers without the associated cost.
What other languages can interface with nmap? There are interfaces in Perl and Ruby, both for scanning and for analyzing results; it should not be hard to interface with other languages as well.
How is your book selling and is there any other news? The book sold very well, about 10,000 copies sold, which is a lot for a network scanning book. Print cannot always keep up with the current rapid changes in nmap. Fortunately the online version of the book is updated as nmap is updated. But a lot of the content of the paper-based book is still very valid, because the basic scanning has not changed much.
Fyodor would like to add that Ndiff is a good tool for monitoring differences in the network; it is not as well known as he would like it to be.
He also pointed the attendees to the Rainmap project (this name may change in the future). It is online scanning software (cloud based or private) that will also give you the changes on the network. It is currently under development in the Summer of Code. We hope that we have something of early beta quality in about a week or three.