nmap ignoring --script parameter

Tags:

redis

ubuntu

nmap

I have installed nmap 6.25 on an Ubuntu 12.04 server, and am trying to use the redis-info script. I have downloaded the script and put it in my home directory. When I run:

nmap -p 6379 -Pn my.ip.num.ber --script redis-info.nse

it just does a normal scan, without even checking the script at all.

Host is up.
PORT     STATE    SERVICE
6379/tcp filtered unknown

That's it. It's a totally fresh install, I have changed nothing at all other than downloading the script. What am I missing?

Bill Sempf Avatar asked Jun 18 '13 16:06


1 Answer

Nmap's NSE scripts have (at least) two conditions which are required to be true before they will run:

  1. The script must be selected. In your case, you selected it with --script redis-info, but it could also be selected by category (e.g. --script discovery).
  2. The script's rule function must return true.

In the case of redis-info, as with most scripts, the rule requires that a specific port be open. Here's the rule in its entirety:

portrule = shortport.port_or_service(6379, "redis-server")

In your case, port 6379 is filtered, which means that it is not open, so the script will not run. This is expected, since running on a port that is not open would not be useful. You can force the script to run regardless of the return value of its rule, but this is rarely useful. To do so, prefix the script's name with +, like so: --script +redis-info. Note that this means it will run on every port scanned, so don't use it lightly!

bonsaiviking Avatar answered Sep 21 '22 09:09

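The answer's two conditions (selection, then the script's rule) can be modelled in a few lines. The following is an added example, not code from the answer or from Nmap itself: it reimplements the behaviour of shortport.port_or_service and of --script selection (name or category, with the + prefix forcing a script) in plain Python so the "filtered port, no script" outcome can be reproduced offline. The function names (port_or_service, parse_script_spec, scripts_that_run), the Port and Script types, and the second sample script http-title are assumptions made for this illustration; the categories given for redis-info are also an assumption.

```python
# Added example: a toy model of how NSE decides whether a script runs.
# Not Nmap's code; names and types below are assumptions for illustration.
from dataclasses import dataclass
from typing import Callable, List, Set, Tuple


@dataclass
class Port:
    number: int
    protocol: str
    state: str          # "open", "closed", "filtered", ...
    service: str = ""   # service name as the scanner would label it


@dataclass
class Script:
    name: str
    categories: Set[str]
    portrule: Callable[[Port], bool]


def port_or_service(number: int, service_name: str) -> Callable[[Port], bool]:
    """Mimics shortport.port_or_service: the rule is true only when the port is
    OPEN and either the port number or the detected service name matches.
    A filtered or closed port therefore fails the rule, whatever its number."""
    def rule(port: Port) -> bool:
        if port.state != "open":
            return False
        return port.number == number or port.service == service_name
    return rule


def parse_script_spec(spec: str) -> Tuple[List[str], Set[str]]:
    """Split a --script argument into selectors (names or categories) and the
    set of names that were prefixed with '+', which forces them to run.
    A trailing '.nse' is dropped so 'redis-info.nse' selects 'redis-info'."""
    selectors: List[str] = []
    forced: Set[str] = set()
    for item in spec.split(","):
        item = item.strip()
        if item.endswith(".nse"):
            item = item[:-4]
        if item.startswith("+"):
            item = item[1:]
            forced.add(item)
        selectors.append(item)
    return selectors, forced


def scripts_that_run(scripts: List[Script], spec: str, port: Port) -> List[str]:
    """Names of the scripts that would actually run against `port`:
    condition 1, the script was selected by name or category;
    condition 2, its portrule returns true (or it was forced with '+')."""
    selectors, forced = parse_script_spec(spec)
    wanted = set(selectors)
    chosen = [s for s in scripts if s.name in wanted or (s.categories & wanted)]
    return [s.name for s in chosen if s.name in forced or s.portrule(port)]


# Constructed sample scripts. Categories are assumptions for this example.
REDIS_INFO = Script("redis-info", {"discovery", "safe"},
                    port_or_service(6379, "redis-server"))
HTTP_TITLE = Script("http-title", {"default", "discovery", "safe"},
                    port_or_service(80, "http"))
SCRIPTS = [REDIS_INFO, HTTP_TITLE]


if __name__ == "__main__":
    # The situation from the question: port 6379 reported as filtered.
    filtered = Port(6379, "tcp", "filtered")
    print("filtered, --script redis-info.nse :",
          scripts_that_run(SCRIPTS, "redis-info.nse", filtered))   # []
    # Same port open: the rule passes and the script runs.
    opened = Port(6379, "tcp", "open", "redis-server")
    print("open,     --script redis-info     :",
          scripts_that_run(SCRIPTS, "redis-info", opened))         # ['redis-info']
    # Forcing with '+' bypasses the rule even on the filtered port.
    print("filtered, --script +redis-info    :",
          scripts_that_run(SCRIPTS, "+redis-info", filtered))      # ['redis-info']
```

Running the module shows the three cases the answer walks through: on the filtered port the script is selected but its rule fails, so nothing runs; once the port is open the rule passes; and the + prefix runs it regardless of the rule, which is why the answer warns against using it casually.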