

Re: Nmap (NASL Wrapper) not generating correct nmap command-line

Subject: Re: Nmap (NASL Wrapper) not generating correct nmap command-line
Date: Fri, 06 Jan 2006 15:01:33 +0100
On Fri Jan 06 2006 at 12:19, Martin Mačok wrote:

Yes, I had almost the same experience. But the 'diet' change was made
after the 3.94 release. Have you tried 3.95?

I am trying now on my desktop. 250 MB and still growing. Should I kill
it or should I wait and see if it can crash a machine with 1.5 GB of
RAM and 2.5 GB of swap?
As I don't have any "big" network here, I launched it against the
loopback interface:
nmap -oG /tmp/local.nmap -sS -sV -O -sR -v -p 1-65535 127.0.0.0/16

IMHO, we should remove the part of the plugin that runs Nmap and just
keep the import part. This would also make the GUI simpler.
Something like this (not tested):
Index: nmap.nasl
--- nmap.nasl   24 Dec 2005 08:22:53 -0000      1.28
+++ nmap.nasl   6 Jan 2006 14:00:24 -0000
@@ -29,10 +29,10 @@
 
  script_description(english:desc["english"]);
  
- summary["english"] = "Performs portscan / RPC scan";
+ summary["english"] = "Imports a Nmap 'grepable' file";
  script_summary(english:summary["english"]);
  
- script_category(ACT_SCANNER);
+ script_category(ACT_SETTINGS);
  
  script_copyright(english:"This script is Copyright (C) 2004 Michel Arboi");
  family["english"] = "Port scanners";
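Review bot: The summary and category now describe an import-only plugin, but `desc["english"]`, passed to script_description just above, is assigned outside this hunk and presumably still describes the plugin as running Nmap; it should be updated together with the summary so the description does not contradict the new `ACT_SETTINGS` behaviour. `family["english"] = "Port scanners"` is kept, which seems reasonable for a plugin that supplies port data, but a one-line comment such as `# Import-only: port data comes from a user-supplied grepable file, not a live scan` next to the category line would make the intent clear to the next reader. The enclosing description block starts before this hunk.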
@@ -41,57 +41,12 @@
 
  script_dependencies("ping_host.nasl");
 
- if (NASL_LEVEL < 2181) exit(0);       # Cannot run
-
- v = pread(cmd: "nmap", argv: make_list("nmap", "-V"));
- if (v != NULL)
- {
-  ver = ereg_replace(pattern: ".*nmap version ([0-9.]+).*", string: v, 
replace: "\1");
-  if (ver == v) ver = NULL;
-  }
-
- if (ver =~ "^[3-9]\.")
- script_add_preference(name:"TCP scanning technique :", type:"radio", 
-  value:"connect();SYN scan;FIN scan;Xmas Tree scan;SYN FIN scan;FIN SYN 
scan;Null scan");
- else
- script_add_preference(name:"TCP scanning technique :", type:"radio", 
-  value:"connect();SYN scan;FIN scan;Xmas Tree scan;Null scan");
-
- script_add_preference(name:"UDP port scan", type:"checkbox", value: "no");
- # This option eats too much memory and hits rlimits
- if (NASL_LEVEL > 2200)
-  script_add_preference(name:"Service scan", type:"checkbox", value: "no");
- script_add_preference(name:"RPC port scan", type:"checkbox", value: "no");
- # Too much memory
- if (NASL_LEVEL > 2200)
- {
-  script_add_preference(name:"Identify the remote OS", type:"checkbox", value: 
"no");
-  script_add_preference(name:"Use hidden option to identify the remote OS", 
type:"checkbox", value: "no");
- }
- script_add_preference(name:"Fragment IP packets (bypasses firewalls)", 
type:"checkbox", value: "no");
- if (ver !~ "3.7[05]")
- script_add_preference(name:"Get Identd info", type:"checkbox", value: "no");
- script_add_preference(name:"Do not randomize the  order  in  which ports are 
scanned", type:"checkbox", value: "no");
- script_add_preference(name: "Source port :", value: "", type: "entry");
- script_add_preference(name:"Timing policy :", type:"radio",
-  value: "Auto (nessus 
specific!);Normal;Insane;Aggressive;Polite;Sneaky;Paranoid;Custom");
- script_add_preference(name: "Host Timeout (ms) :", value: "", type: "entry");
- script_add_preference(name: "Min RTT Timeout (ms) :", value: "", type: 
"entry");
- script_add_preference(name: "Max RTT Timeout (ms) :", value: "", type: 
"entry");
- script_add_preference(name: "Initial RTT timeout (ms) :", value: "", type: 
"entry");
- script_add_preference(name: "Ports scanned in parallel (max)", value: "", 
type: "entry");
- script_add_preference(name: "Ports scanned in parallel (min)", value: "", 
type: "entry");
- script_add_preference(name: "Minimum wait between probes (ms)", value: "", 
type: "entry");
  script_add_preference(name: "File containing grepable results : ", value: "", 
type: "file");
- script_add_preference(name: 'Do not scan targets not in the file', value: 
'no', type: 'checkbox');
- if (ver =~ "^3\.")
- script_add_preference(name: "Data length : ", value: "", type: "entry");
- script_add_preference(name: "Run dangerous port scans even if safe checks are 
set", value:"no", type:"checkbox");
  exit(0);
 }
 
 #
-if (NASL_LEVEL < 2181 || ! defined_func("pread") || ! 
defined_func("get_preference"))
+if (NASL_LEVEL < 2181 || ! defined_func("fread") || ! 
defined_func("get_preference"))
 {
   set_kb_item(name: "/tmp/UnableToRun/14255", value: TRUE);
   display("Script #14255 (nmap_wrapper) cannot run - upgrade libnasl\n");
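Review bot: The run-time capability check on the new side tests `defined_func("fread")`, but the `fread(tmpfile)` call is removed in the next hunk and the only file access that survives this patch is `script_get_preference_file_content`, so the clause now guards a function the plugin no longer uses; test `! defined_func("script_get_preference_file_content")` instead, or drop the clause. The `NASL_LEVEL < 2181` floor and the `upgrade libnasl` message were sized for the scanner code path; if the import-only path has a lower requirement, the number should be revisited so older engines are not refused for no reason. The `script_dependencies("ping_host.nasl")` line is kept as context; whether an `ACT_SETTINGS` plugin still needs it is not visible here and is worth confirming.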
@@ -147,194 +102,9 @@
 
 res = script_get_preference_file_content("File containing grepable results : 
");
 res = egrep(pattern: "Host: +" + esc_ip + " ", string: res);
-if (! res)
-{
- opt = script_get_preference('Do not scan targets not in the file');
- if ('yes' >< opt) exit(0);
-
- i = 0;
- argv[i++] = "nmap";
- argv[i++] = "-n";
- argv[i++] = "-P0";    # Nmap ping is not reliable
- argv[i++] = "-oG";
- if (defined_func("get_tmp_dir"))
- {
-  tmpdir = get_tmp_dir();
-  if (tmpdir) tmpfile = strcat(tmpdir, "nmap-", get_host_ip(), "-", rand() );
- }
- if (tmpfile)
-  argv[i++] = tmpfile;
- else
- argv[i++] = "-";
-
- p = script_get_preference("TCP scanning technique :");
- # Force TCP scan in safe mode - other options could crash the IP stack
- # TCP scan is more aggressive against broken services than SYN scan,
- # but those services will probably be killed by fin_service or similar
- # tests.
- if (safe) argv[i++] = "-sT";
- else if (p == "SYN scan" || p == "SYN FIN scan") argv[i++] = "-sS";
- else if (p == "FIN scan" || p == "FIN SYN scan") argv[i++] = "-sF";
- else if (p == "Xmas Tree scan") argv[i++] = "-sX";
- else if (p == "Null scan") argv[i++] = "-sN";
- else argv[i++] = "-sT";
- if (p == "FIN SYN scan" || p == "SYN FIN scan")
- {
-   argv[i++] = "--scanflags";
-   argv[i++] = "SYNFIN";
- }
-
- # UDP & RPC scans or fingerprinting may kill a buggy IP stack
- if (! safe)
- {
-  p = script_get_preference("UDP port scan");
-  if ("yes" >< p) argv[i++] = "-sU";
-  p = script_get_preference("Service scan");
-  if ("yes" >< p) argv[i++] = "-sV";
-  p = script_get_preference("RPC port scan");
-  if ("yes" >< p) argv[i++] = "-sR";
-  p = script_get_preference("Identify the remote OS");
-  if ("yes" >< p) argv[i++] = "-O";
-  p = script_get_preference("Use hidden option to identify the remote OS");
-  if ("yes" >< p) argv[i++] = "--osscan_guess";
-  p = script_get_preference("Fragment IP packets (bypasses firewalls)");
-  if ("yes" >< p) argv[i++] = "-f";
- }
- p = script_get_preference("Get Identd info");
- if ("yes" >< p) argv[i++] = "-I";
- port_range = get_preference("port_range");
- if (port_range) # Null for command line tests only
- {
-  argv[i++] = "-p";
-  if (port_range == "default" )
-  {
-   n = 0;
-   str = "";
-   while ( port = scanner_get_port(n) )
-   {
-    if ( n > 0 ) str += "," + string(port);
-    else str = string(port);
-    n ++;
-   }
-   argv[i++] = str;
-  }
-  else
-   argv[i++] = port_range;
-  }
- 
- p = script_get_preference("Do not randomize the  order  in  which ports are 
scanned");
- if ("yes" >< p) argv[i++] = "-r";
- p = script_get_preference("Source port :");
- if (p =~ '^[0-9]+$') { argv[i++] = "-g"; argv[i++] = p; }
-
- # We should check the values when running in "safe checks".
- custom_policy = 0;
- p = script_get_preference("Host Timeout (ms) :");
- if (p =~ '^[0-9]+$')
- {
-   argv[i++] = "--host_timeout";
-   argv[i++] = p;
-   custom_policy ++;
- }
- p = script_get_preference("Min RTT Timeout (ms) :");
- if (p =~ '^[0-9]+$')
- {
-   argv[i++] = "--min_rtt_timeout";
-   argv[i++] = p;
-   custom_policy ++;
- }
- p = script_get_preference("Max RTT Timeout (ms) :");
- if (p =~ '^[0-9]+$')
- {
-   argv[i++] = "--max_rtt_timeout";
-   argv[i++] = p;
-   custom_policy ++;
- }
- p = script_get_preference("Initial RTT Timeout (ms) :");
- if (p =~ '^[0-9]+$')
- {
-   argv[i++] = "--initial_rtt_timeout";
-   argv[i++] = p;
-   custom_policy ++;
- }
- min = 1;
- p = script_get_preference("Ports scanned in parallel (min)");
- if (p =~ '^[0-9]+$')
- {
-   argv[i++] = "--min_parallelism";
-   argv[i++] = p;
-   min = p;
-   custom_policy ++;
- }
- p = script_get_preference("Ports scanned in parallel (max)");
- if (p =~ '^[0-9]+$')
- {
-   argv[i++] = "--max_parallelism";
-   if (p < min) p = min;
-   argv[i++] = p;
-   custom_policy ++;
- }
-
- p = script_get_preference("Minimum wait between probes (ms)");
- if (p =~ '^[0-9]+$')
- {
-   argv[i++] = "--scan_delay";
-   argv[i++] = p;
-   custom_policy ++;
- }
-
- if (! custom_policy)
- {
-   p = script_get_preference("Timing policy :");
-   if ( ! p ) p = "Normal";
-   if ("Auto" >< p)
-   {
-      rtt = compute_rtt();
-      if (! isnull(rtt))
-      {
-        minrtt = rtt[0];
-        maxrtt = rtt[1];
-        if (minrtt)
-        {
-         argv[i++] = "--min_rtt_timeout";
-         argv[i++] = minrtt;
-        }
-        if (maxrtt)
-        {
-         argv[i++] = "--max_rtt_timeout";
-         argv[i++] = maxrtt;
-        }
-      }
-      # otherwise, use "Normal" timing
-    }
-    else if (p != "Normal")
-    {
-     argv[i++] = "-T";
-     # Disable aggresive timings in safe checks
-     if (safe && ("Insane">< p || "Aggressive" >< p)) argv[i++] = "Normal";
-     else argv[i++] = p;
-    }
- }
-
- p = script_get_preference("Data length : ");
- if (p =~ '^[0-9]+$')
- {
-   argv[i++] = "--data_length";
-   argv[i++] = p;
-   custom_policy ++;
- }
-
- argv[i++] = ip;
-
+if (! res) exit(0);
 scanner_status(current: 0, total: 65535);
 
- res = pread(cmd: "nmap", argv: argv, cd: 1);
- if (tmpfile)
-  res = fread(tmpfile);
-# display(argv, "\n", res, "\n\n");
- if (! res) exit(0);   # error
-}
-
 if (egrep(string: res, pattern: '^# +Ports scanned: +TCP\\(65535;'))
   full_scan = 1;
 else
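Review bot: Right after the new `if (! res) exit(0);` the plugin still calls `scanner_status(current: 0, total: 65535);`, a progress report that made sense while a live scan ran but now advertises a fixed 65535-port total for a file import regardless of what the file actually covers; the `Ports scanned: TCP(65535;` check a few lines down is the real indicator, so the status call can be dropped or its total tied to that result. The file content comes from an operator-supplied preference and nothing checks that it is an `nmap -oG` file, so a malformed or wrong file yields an empty `res` and a silent exit; a short diagnostic in the early-exit branch, e.g. `display("nmap_wrapper: no entry for ", ip, " in grepable file\n");` before `exit(0)`, would help operators see why no ports were imported. The removed `script_get_preference('Do not scan targets not in the file')` handling is history, but the preference name is also dropped in the earlier hunk, so the two are consistent.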
@@ -343,7 +113,7 @@
 res = egrep(pattern: "Host: +" + esc_ip + " ", string: res);
 if (! res)
 {
- set_kb_item(name: "Host/ping_failed", value: "yes");
+ # set_kb_item(name: "Host/ping_failed", value: "yes");
  exit(0);
 }
 
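Review bot: `# set_kb_item(name: "Host/ping_failed", value: "yes");` leaves commented-out code with no explanation; either delete the line or replace it with a comment stating why a host missing from the imported file must not be marked unreachable, e.g. `# Do not set Host/ping_failed: absence from the imported file does not mean the host is down`, since other plugins presumably consult that key. With the early `exit(0)` on empty `res` added in the previous hunk, this `if (! res)` branch looks unreachable unless the lines between the two hunks reassign `res`; if they do not, the whole block can be removed rather than partially commented.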