Nmap/Code walkthrough

From SecWiki

Directory Hierarchy

External libraries

libdnet-stripped

As its README says:

"libdnet provides a simplified, portable interface to several low-level networking routines, including network address manipulation, kernel arp(4) cache and route(4) table lookup and manipulation, network firewalling, network interface lookup and manipulation, IP tunnelling, and raw IP packet and Ethernet frame transmission."

Example uses are NSE's raw socket and Ethernet functions, as well as functions like get_interface_info.

liblinear

According to the README, "LIBLINEAR is a simple package for solving large-scale regularized linear classification." It is used by the machine-learning-based IPv6 OS detection engine.

liblua

This is a copy of the Lua programming language library. It is used mainly by NSE.

libpcap

A library used for capturing network packets, for example while performing raw socket scans.

libpcre

PCRE stands for Perl-Compatible Regular Expressions. Example usage is in Nmap's service fingerprinting engine (-sV).

Internal libraries

libnetutil

A quick glance at the header files suggests that it's a C++ library that allows packet data structure manipulation.

nsock

This C library adds an abstraction layer for efficiently performing multiple I/O operations asynchronously.

nbase

Groups together various general-purpose Nmap functions, such as string operations, portable select() or OS-dependent code.

Subprojects

ncat

"Ncat is a feature-packed networking utility which reads and writes data across networks from the command line." See its website.

ndiff

"Ndiff is a tool to aid in the comparison of Nmap scans. Specifically, it takes two Nmap XML output files and prints the differences between them: hosts coming up and down, ports becoming open or closed, and things like that. Ndiff can produce output in human-readable text or machine-readable XML formats."

Source: https://nmap.org/ndiff/
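To make the Ndiff description concrete, here is an added illustration (not Ndiff's own code) of the comparison it performs: two Nmap XML documents are parsed and the host and port state changes between them are reported. The two scans are constructed samples written in Nmap's XML output layout (nmaprun/host/status/address/ports/port); the addresses and ports are made up.

```python
"""Minimal Ndiff-style comparison of two Nmap XML outputs.

Added illustration, not Ndiff's own code. SCAN_BEFORE and SCAN_AFTER are
constructed samples in Nmap's XML output layout, not real scan results.
"""
import xml.etree.ElementTree as ET

# Constructed baseline: two hosts up, ssh/http open on .10, https open on .11.
SCAN_BEFORE = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed later scan: port 80 closed, 3389 newly open, and .11 went down.
SCAN_AFTER = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_scan(xml_text):
    """Return {addr: (host status, {(proto, port): state})} for one nmaprun."""
    hosts = {}
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        status = host.find("status").get("state")
        ports = {}
        # A down host has no <ports> element; findall then yields nothing.
        for port in host.findall("ports/port"):
            key = (port.get("protocol"), int(port.get("portid")))
            ports[key] = port.find("state").get("state")
        hosts[addr_el.get("addr")] = (status, ports)
    return hosts


def diff_scans(before_xml, after_xml):
    """Return a sorted list of human-readable change lines, Ndiff-style."""
    before = parse_scan(before_xml)
    after = parse_scan(after_xml)
    changes = []
    for addr in sorted(set(before) | set(after)):
        b_status, b_ports = before.get(addr, ("absent", {}))
        a_status, a_ports = after.get(addr, ("absent", {}))
        if b_status != a_status:
            changes.append(f"{addr}: host {b_status} -> {a_status}")
        # A port seen in only one scan is reported as "unscanned" on the other side.
        for key in sorted(set(b_ports) | set(a_ports)):
            b_state = b_ports.get(key, "unscanned")
            a_state = a_ports.get(key, "unscanned")
            if b_state != a_state:
                proto, num = key
                changes.append(f"{addr}: {num}/{proto} {b_state} -> {a_state}")
    return changes


if __name__ == "__main__":
    for line in diff_scans(SCAN_BEFORE, SCAN_AFTER):
        print(line)
```

Run periodically against saved `-oX` output, this kind of diff is what turns a scan into a change alert: a newly open 3389/tcp or a host that silently disappeared shows up as a one-line difference rather than something to spot in two full reports.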

nmap-update

nping

"Nping is an open source tool for network packet generation, response analysis and response time measurement. Nping can generate network packets for a wide range of protocols, allowing users full control over protocol headers."

Source: https://nmap.org/nping/

zenmap

"Zenmap is the official Nmap Security Scanner GUI."

Source: https://nmap.org/zenmap/

NSE

See NSE.

nselib

A collection of NSE libraries developed to simplify script implementation. It mostly contains Lua code for various network protocols, as well as NSE frameworks such as vulns or brute. You can also find here data files for several NSE scripts and documentation for a few of those.

scripts

This is where Nmap's NSE scripts sit. There is also the script.db file, which contains an index of those scripts along with their categories.
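As an added illustration (not Nmap's own code) of what the script.db index holds and how it can be used: the lines below are constructed samples written in the Lua-table layout script.db uses (`Entry { filename = "...", categories = { "...", } }`; the layout is an assumption here, and the script names and categories are made up). Parsing the index lets you list which scripts sit in a category such as `safe` or `intrusive` before choosing a `--script` expression.

```python
"""Parse a script.db-style index and query scripts by category.

Added illustration, not Nmap's own code. SCRIPT_DB holds constructed
sample lines in the Lua-table layout script.db uses (an assumption); the
script names and category sets are made up for the example.
"""
import re

SCRIPT_DB = """\
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssl-cert.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "example-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "example-vuln.nse", categories = { "vuln", "safe", } }
"""

# One Entry per line: the filename string, then a brace-delimited category list.
ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"(?P<name>[^"]+)"\s*,'
    r'\s*categories\s*=\s*\{(?P<cats>[^}]*)\}\s*,?\s*\}'
)
CAT_RE = re.compile(r'"([^"]+)"')


def parse_script_db(text):
    """Return {script filename: set of category names}."""
    index = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue  # blank line or a line in a layout we do not recognise
        index[m.group("name")] = set(CAT_RE.findall(m.group("cats")))
    return index


def scripts_in_category(index, category):
    """Sorted filenames of scripts tagged with `category`."""
    return sorted(name for name, cats in index.items() if category in cats)


def scripts_outside(index, excluded):
    """Sorted filenames of scripts carrying none of the `excluded` categories,
    which is the set a `--script` expression like `not intrusive` would leave."""
    banned = set(excluded)
    return sorted(name for name, cats in index.items() if not (cats & banned))


if __name__ == "__main__":
    idx = parse_script_db(SCRIPT_DB)
    print("safe:", scripts_in_category(idx, "safe"))
    print("not intrusive:", scripts_outside(idx, ["intrusive"]))
```

Pointing `parse_script_db` at the real file (read from the scripts directory) gives the same index Nmap consults when it resolves category names, which is a quick way to audit what a category actually expands to on the installed version.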

Miscellany

docs

Most of Nmap's documentation is here in DocBook XML files. The nroff man pages and the online reference guide are generated from these files. There are also man page translations here that are very stale. Translation updates are always a good way to get familiar with Nmap, especially if English is not your first language!

macosx

Support files for building the nmap.dmg installer for OS X. Not needed for simply building Nmap from source.

mswin32

Support files for building Nmap from source on Windows. Also contains source for the NSIS installer and other packaging files.

tests

Our tests are sadly neglected. Only the reverse-DNS resolver has any tests implemented at the moment. This is a big potential focus area for improvement.

todo

Mostly eclipsed by the Github Issues tracker, the todo files here are still of some interest.

Execution flow

Breakdown by Language

Including Nmap Project-authored code only.

C

  • Nsock
  • Ncat
  • Nbase
  • nmap-update

C++

  • Nmap
  • Nping
  • libnetutil

Lua

  • NSE

Python

  • Zenmap
  • Ndiff
