
NMAP

mimizu
Voice
Posts: 7
Joined: Wed Feb 20, 2013 4:14 am

NMAP

Post by mimizu »

bind pub - !nmap port_scan
proc port_scan {nick uhost handle chan args} {
putserv "PRIVMSG $chan : Scanning...... $args wait................!!"
global data_var
set data_var [exec nmap $args]
set l [split $data_var "\r\n"]
foreach i $l { puthelp "PRIVMSG $chan : $i " }
putlog "<<$chan>> !$handle! !nmap"
}

Please help to fix the nmap script above.

if anyone did order !nmap nmap it will wait for the process is complete and can not process !nmap with a message on the channel "please wait a moment, are doing nmap"


Please help.

thank you
Madalin
Master
Posts: 310
Joined: Fri Jun 24, 2005 11:36 am
Location: Constanta, Romania
Contact:

Post by Madalin »

Try this

Code:

bind pub - !nmap port_scan

proc port_scan {nick uhost handle chan args} {
	global progress

	if {[info exists progress]} { putserv "PRIVMSG $chan :nmap in progress please wait to finish.."; return }

	putserv "PRIVMSG $chan : Scanning...... $args wait................!!"

	set progress 1

	set data_var [exec nmap $args]

	set l [split $data_var "\r\n"]

	foreach i $l { puthelp "PRIVMSG $chan : $i " }

	set progress 0

	putlog "<<$chan>> !$handle! !nmap"
}
dirty
Halfop
Posts: 40
Joined: Fri Feb 08, 2013 2:33 pm
Location: Romania
Contact:

Post by dirty »

And maybe add some protection so that it won't scan if someone uses !nmap without any $args

Code:

bind pub - !nmap port_scan 

proc port_scan {nick uhost handle chan args} { 
   global progress 
   
   if {$args == ""} { putserv "PRIVMSG $chan :Error. No arguments specified."; return }
   if {[info exists progress]} { putserv "PRIVMSG $chan :nmap in progress please wait to finish.."; return } 

   putserv "PRIVMSG $chan : Scanning...... $args wait................!!" 
   putlog "<<$chan>> !$handle! !nmap"

   set progress 1 

   set data_var [exec nmap $args] 

   set l [split $data_var "\r\n"] 

   foreach i $l { puthelp "PRIVMSG $chan : $i " } 

   set progress 0  
} 
come to the dark side.. I have cookies!
WwW.BotZone.TK
caesar
Mint Rubber
Posts: 3778
Joined: Sun Oct 14, 2001 8:00 pm
Location: Mint Factory

Post by caesar »

Public access to exec.. bad idea in the first place. :shock:

Not to mention the info exists progress will work for the first time, then will not allow the script to continue.

I think you meant to create a global variable outside the port_scan proc (after the bind line, like set progress 0), then match its value against 1 or 0 like if {$progress} or if {!$progress} and proceed with return or continue. Oh, and guys, please refrain from using $args as it has special meaning in TCL.
Once the game is over, the king and the pawn go back in the same box.
dirty
Halfop
Posts: 40
Joined: Fri Feb 08, 2013 2:33 pm
Location: Romania
Contact:

Post by dirty »

Not really caesar.. could be done this way..

Code:

bind pub - !nmap port_scan 

proc port_scan {nick uhost handle chan text} { 
   global progress 
    
   if {$text == ""} { putserv "PRIVMSG $chan :Error. No arguments specified."; return } 
   if {[info exists progress]} { putserv "PRIVMSG $chan :nmap in progress please wait to finish.."; return } 

   putserv "PRIVMSG $chan : Scanning...... $text wait................!!" 
   putlog "<<$chan>> !$handle! !nmap" 

   set progress 1 

   set data_var [exec nmap $text] 

   set l [split $data_var "\r\n"] 

   foreach i $l { puthelp "PRIVMSG $chan : $i " } 

   unset -nocomplain progress
} 
come to the dark side.. I have cookies!
WwW.BotZone.TK
speechles
Revered One
Posts: 1398
Joined: Sat Aug 26, 2006 10:19 pm
Location: emerald triangle, california (coastal redwoods)

Post by speechles »

Caeser is right. An attacker can compromise your bot pretty immediately otherwise. For example, the code below:

Code:

!nmap [return "[adduser nick] [chattr nick +fgmnov]"]

Here we show that using [exec] over unsanitized user input will let "nick" take over your bot. Use the !nmap line above and replace "nick" with your nickname. You should see "1 fgmnov" when you gain ownership of the bot via this method, not the normal nmap reply expected.

Also:
Caeser wrote: Not to mention the info exists progress will work for the first time, then will not allow the script to continue.


Yeah, not to mention that the script will run once and then not work again because of that variable "progress". You think tcl is threaded? It isn't... ;)
dirty
Halfop
Posts: 40
Joined: Fri Feb 08, 2013 2:33 pm
Location: Romania
Contact:

Post by dirty »

Yes, you're right speechles and caesar.. but I only fixed the "info exists" and $args to $text part.. the part with exec can be fixed by checking $text for a specific pattern or by limiting the command with a "bind pub n| !nmap port_scan"
come to the dark side.. I have cookies!
WwW.BotZone.TK
mimizu
Voice
Posts: 7
Joined: Wed Feb 20, 2013 4:14 am

Post by mimizu »

I am trying to master ...

Wishing success ^ ^


Thank you very much before and after ....
mimizu
Voice
Posts: 7
Joined: Wed Feb 20, 2013 4:14 am

Post by mimizu »

Sir...

If I use:

Code:

bind pub - !nmap port_scan

proc port_scan {nick uhost handle chan args} {
   global progress

   if {[info exists progress]} { putserv "PRIVMSG $chan :nmap in progress please wait to finish.."; return }

   putserv "PRIVMSG $chan : Scanning...... $args wait................!!"

   set progress 1

   set data_var [exec nmap $args]

   set l [split $data_var "\r\n"]

   foreach i $l { puthelp "PRIVMSG $chan : $i " }

   set progress 0

   putlog "<<$chan>> !$handle! !nmap"
} 
or

Code:

bind pub - !nmap port_scan

proc port_scan {nick uhost handle chan args} {
   global progress
   
   if {$args == ""} { putserv "PRIVMSG $chan :Error. No arguments specified."; return }
   if {[info exists progress]} { putserv "PRIVMSG $chan :nmap in progress please wait to finish.."; return }

   putserv "PRIVMSG $chan : Scanning...... $args wait................!!"
   putlog "<<$chan>> !$handle! !nmap"

   set progress 1

   set data_var [exec nmap $args]

   set l [split $data_var "\r\n"]

   foreach i $l { puthelp "PRIVMSG $chan : $i " }

   set progress 0 
} 
if command !nmap reused, the message:
nmap in progress please wait to finish..
when I use:

Code:

bind pub - !nmap port_scan

proc port_scan {nick uhost handle chan text} {
   global progress
   
   if {$text == ""} { putserv "PRIVMSG $chan :Error. No arguments specified."; return }
   if {[info exists progress]} { putserv "PRIVMSG $chan :nmap in progress please wait to finish.."; return }

   putserv "PRIVMSG $chan : Scanning...... $text wait................!!"
   putlog "<<$chan>> !$handle! !nmap"

   set progress 1

   set data_var [exec nmap $text]

   set l [split $data_var "\r\n"]

   foreach i $l { puthelp "PRIVMSG $chan : $i " }

   unset -nocomplain progress
}
The script cannot invoke nmap on the Linux server.


Thanks
caesar
Mint Rubber
Posts: 3778
Joined: Sun Oct 14, 2001 8:00 pm
Location: Mint Factory

Post by caesar »

It's caesar damn it, also notice the lowercase 8) :P

Someone with bad intentions could compromise the box this is running on, not just the bot. If you wish to check if a port is open or not, why not use one of user's scripts like socket api - nonblocking tcp made easy?

Or, if you wish to insist on using nmap, if there are certain arguments a user would use anyway, why not add these modes inside the function and request the user only for a valid IP address? There are a few examples on Regular Expression Examples with a regexp or scan to do this IP validation.
Once the game is over, the king and the pawn go back in the same box.
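
caesar's suggestion above (keep the nmap options inside the proc and accept only a validated IP address), combined with the owner-only bind dirty mentioned, written out as an added example that is not code from any poster in this thread. The fixed `-F` option, the helper name `valid_ipv4` and the reply texts are assumptions chosen for illustration.

```tcl
# Added example, not code posted in this thread.
# Assumptions: fixed nmap option -F (fast scan), owner-only flag "n|",
# hypothetical helper name valid_ipv4.
bind pub n| !nmap port_scan

# Return 1 only for a dotted-quad IPv4 address with every octet in 0..255.
proc valid_ipv4 {addr} {
    if {![regexp {^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$} $addr -> a b c d]} {
        return 0
    }
    foreach octet [list $a $b $c $d] {
        # scan %d reads the digits as decimal, so "010" is 10, not octal 8
        scan $octet %d n
        if {$n > 255} { return 0 }
    }
    return 1
}

proc port_scan {nick uhost handle chan text} {
    set target [string trim $text]

    # Reject anything that is not exactly one IPv4 address: no options,
    # no extra words, no hostnames.
    if {![valid_ipv4 $target]} {
        putserv "PRIVMSG $chan :Usage: !nmap <IPv4 address>"
        return
    }

    putserv "PRIVMSG $chan :Scanning $target, please wait..."
    putlog "<<$chan>> !$handle! !nmap $target"

    # The options are fixed here; the only user-supplied word handed to
    # exec is the validated address. exec blocks the bot until nmap exits,
    # so a second !nmap is only handled after this one returns.
    # catch keeps a non-zero exit or stderr output from aborting the proc.
    if {[catch {exec nmap -F $target} output]} {
        putserv "PRIVMSG $chan :nmap failed, see the bot log."
        putlog "nmap error: $output"
        return
    }

    foreach line [split $output "\n"] {
        if {$line ne ""} { puthelp "PRIVMSG $chan :$line" }
    }
}
```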
mimizu
Voice
Posts: 7
Joined: Wed Feb 20, 2013 4:14 am

Post by mimizu »

check port 1 by 1 x_x

nmap check all open and close port.... ^^

CMIWW
caesar
Mint Rubber
Posts: 3778
Joined: Sun Oct 14, 2001 8:00 pm
Location: Mint Factory

Post by caesar »

There's no need to quote the previous post if you intend to reply to that, and second, nmap does exactly the same thing, except it already has a predefined list of ports to check so you just have to feed it with an IP address.
Once the game is over, the king and the pawn go back in the same box.