DefCon: Nmap Scripting Engine Q&A

July 31st, 2010

By Fyodor and David Fifield

After the presentation I joined Fyodor and David in the Q&A room to talk further about the Nmap NSE session. Here are some of the questions and answers…

Is there anything like XML output to glue the output of the scripts together? Script output is included in the normal XML output, but it is not yet in any structured format. The cool guys from the nmap project have not yet figured out how to do that.

Will the password cracking capabilities in nmap make stuff like John the Ripper obsolete? The password cracking functionality demoed is not a replacement for John the Ripper, but work is in progress to make the capabilities of nmap better, especially on the ncrack project, which will release RDP password cracking in the next few days.

Is there a way to run scripts with a declared dependency, so one script runs and then the other script runs based on the results? This is fully supported.

Why Lua over other languages? It was a fight between the Scheme language and other languages. In the end we settled on Lua. Perl and Python were too big to ship with nmap. Lua really fit what we needed and wasn’t too big.

Is nmap turning into the new Nessus? Well, it could, but it will never include all scripts to find all vulnerabilities. Each product has its own use, but nmap is getting nearer and nearer to becoming a vulnerability scanner. Conficker is a great example of that: nmap was the first scanner that was able to remotely detect Conficker-infected machines.

Are there plans to include hping functionality in nmap? Yes, there is nping, which has similar functionality and more.

Is there raw packet functionality in NSE? There are packet creation functions in the lua libraries and there is an interface to pcap as well.
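The dependency mechanism asked about above works through the script's `dependencies` field plus the run-wide `nmap.registry` table. The pair of scripts below is an added example written for this post, not code from the talk or from the Nmap project; the script names `example-banner` and `example-banner-report` are assumed placeholders, and each script would live in its own `.nse` file under the same name.

```lua
-- File 1: example-banner.nse (assumed name) -- the producer.
local nmap = require "nmap"
local shortport = require "shortport"

description = "Grabs one line of banner text and shares it via nmap.registry."
categories = {"safe", "discovery"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

portrule = shortport.port_or_service({21, 22, 25}, {"ftp", "ssh", "smtp"})

action = function(host, port)
  local sock = nmap.new_socket()
  sock:set_timeout(5000)
  if not sock:connect(host, port) then return nil end
  local ok, line = sock:receive_lines(1)
  sock:close()
  if not ok then return nil end
  -- nmap.registry is shared by every script in the run; key by host and port.
  nmap.registry["example-banner"] = nmap.registry["example-banner"] or {}
  nmap.registry["example-banner"][host.ip .. ":" .. port.number] = line
  return line
end

-- File 2: example-banner-report.nse (assumed name) -- the consumer.
-- `dependencies` makes NSE run example-banner on a host/port before this script.
local nmap = require "nmap"
local shortport = require "shortport"

description = "Runs after example-banner and flags banners that expose a version string."
categories = {"safe", "discovery"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
dependencies = {"example-banner"}

portrule = shortport.port_or_service({21, 22, 25}, {"ftp", "ssh", "smtp"})

action = function(host, port)
  local store = nmap.registry["example-banner"]
  local banner = store and store[host.ip .. ":" .. port.number]
  -- The producer found nothing, so stay silent rather than report a false result.
  if not banner then return nil end
  local version = banner:match("(%d+%.%d+[%.%d]*)")
  if version then
    return ("version string exposed in banner: %s"):format(version)
  end
  return "banner present but no version string"
end
```

Select both with `--script example-banner,example-banner-report`; NSE orders them so the report script only runs once the banner script has finished for that host and port.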


DefCon: Mastering the Nmap scripting engine

July 31st, 2010

By Fyodor and David Fifield

In this talk Fyodor and David give an in-depth overview of the Nmap Scripting Engine. The Nmap Scripting Engine allows users to create and share scripts for all IP-related tasks, from vulnerability detection to exploitation.

There are a lot of NSE scripts already available for tasks like discovery, authentication tests, denial of service, exploitation and lots of other stuff. All come with nmap by default; there are 131 NSE scripts bundled with Nmap at the moment. There are two categories that are of special interest, disruptive and safe, and they mean exactly what you would expect them to. In 3.5 years the number of available NSE scripts has grown from 20 to over 130.

In the next part of the presentation Fyodor shows an example of a scenario where NSE really enables a big assessment. Fyodor applied the scripts submitted by Ron Bowes around SMB vulnerabilities against Microsoft’s public IP space, a space of over 1,000,000 IP addresses. The first step was a quick scan of over 1 million hosts to find interesting targets. Nmap is currently smart and fast enough to scan these IP addresses in about 26 hours.
