RustScan - Scripting Engine

May 16, 2021


RustScan is extensible by the RustScan Scripting Engine. This allows you to write a script that runs after the scan has been completed, taking inputs of open ports and their respective IPs.

No Scripts

No scripts will be run like no custom RustScan script or Nmap Scan
rustscan --script none

Custom Scripts

Custom Scripts run after the program is done with scanning. RSE supports these languages:

  • Python
  • Shell
  • Perl
  • Any program which is binary and in $PATH
Script Engine Argument. There are 3 possibilities:
  • None
  • Custom
  • Default
RustScan’s Scripting Engine can be altered using the “ --scripts” argument.

To execute a custom script, we need a rustscan_scripts.toml file located at $HOME/.rustscan_scripts.toml.

The script file contents:

# Test/Example ScriptConfig file

# Tags to filter on scripts. 
# Only scripts containing all these tags will run.

tags = ["core_approved", "example"]


# If it's present then only those scripts will run 
# which has tag ports = "80". 
# Not yet implemented.
  
# ex.:
# ports = ["80"]
# ports = ["80","81","8080"]
ports = ["80"]


# Only this developer(s) scripts to run. 
# Not yet implemented.
developer = ["example"]

Python Script Example

# !/usr/bin/python3
 
# tags = ["core_approved", "example",]
# developer = [ "example", "https://example.org" ]
# trigger_port = "80"
# call_format = "python3 {{script}} {{ip}} {{port}}"

# Scriptfile parser stops at the first blank 
# line with parsing.
# This script will run itself as an argument with 
# the system installed python interpreter, 
# only scanning port 80.  

# Unused filed: ports_separator = ","


import sys
print('Python script ran with arguments', str(sys.argv))
  • Tags: Tags are categories of scripts. Only run scripts that match these categories.
  • Developer: Name of the developer/creator of the scripts.
  • Trigger State: what point the script should trigger.

Now everything after this metadata is the code itself. The script will receive arguments via sys.argv in the format specified in the call_format variable. Now with this data, we run the script, doing whatever we please!

To get your hands-on, Practice TryHackMe's RustScan Room

RustScan is still a good tool. It’s especially useful for local environments where you need extra speed on your scans like in CTFs. But if you need more complex configurations, such as changing the technique used to discover ports or to work on different protocols such as UDP, it might be better to the familiar, Nmap.
We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.
, , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)