| ▲ | freedomben 5 days ago |
| Agreed. Plus it's not always a clear line between offensive and legitimate usage. For many years nmap was banned on most corporate networks, but it's an invaluable tool for legitimate use too, despite being useful for offensive cases as well |
|
| ▲ | wkat4242 4 days ago | parent | next [-] |
| It's mainly because nmap detection is a feature of most IDS so it's bound to raise some red flags. Same with even doing packet sniffing. It can be detected when using wireshark because it does reverse DNS lookups for each ip it sees in its default configuration. I had legit reasons for it at work so I always mentioned it to the network guys before doing stuff like this. We also had a firewalled lab network. We did get some pushback once when some scans leaked out to the office network. But it was their fault for having the firewall open. |
|
| ▲ | randall 5 days ago | parent | prev | next [-] |
| one time i ran nmap against my dev box at facebook. i was definitely worried someone was going to give me a stern talking to. |
| |
| ▲ | varenc 5 days ago | parent | next [-] |
| I ran 'neoprint.php' on myself at Facebook in 2007 and immediately got a stern email about it... It was some script that collected info for responding to law enforcement requests. But after chastising me, the email said "I was gratified that you ran it on yourself". (as opposed to snooping on someone else!) It was just a summer internship and FB was like 'only' 80 engineers back then. But they still took it seriously. |
| ▲ | Thorrez 4 days ago | parent [-] |
| I think that's a little different. It sounds like neoprint.php is an internal Facebook tool for looking up data on Facebook users. So improper usage of it is a privacy problem for users. It's something misbehaving employees might run against celebrities, exes, etc. (e.g. https://www.gawkerarchives.com/5637234/gcreep-google-enginee... ) Otoh nmap isn't a privacy problem for users of Facebook (or any other tech company). |
| ▲ | varenc 4 days ago | parent [-] |
| Yea totally agree. Mainly just wanted to shoehorn in my own story about stern emails at FB! Also I think running nmap on your own development machine is totally legitimate. Lots of reasons you might want to do it. |
|
| |
| ▲ | SoftTalker 5 days ago | parent | prev [-] |
| I use nmap routinely at work to see what’s on a subnet, has anything new appeared, or where it should not be. |
| ▲ | bravetraveler 5 days ago | parent [-] |
| +1. If I can't run nmap or netcat, or have to justify it each time, I can't do my job. Better off elsewhere. I've departed early at least twice over this. Draconian IT serves nobody. Been doing this long enough I deliberately poke any new employer; see what's in store. Nobody cares, though. EDR appliances sell without careful administration. The industry will outlive us all. |
|
| ▲ | hsbauauvhabzb 5 days ago | parent | prev [-] |
| While that may be true, it’s less true for things like cobalt strike. I’m not saying that banning tooling would be a good thing, but it’s a bad argument to compare Nmap to remote access tools. |
| |
| ▲ | freedomben 5 days ago | parent | next [-] |
| I don't disagree, but GP is asking about all offensive tools, not just Cobalt strike. IMHO a platform like GitHub should not be picking and choosing which projects are offensive enough to remove. Yes, there are some tools that are pretty clearly more offensive than others, but creating a policy would not be clear-cut |
| ▲ | wkat4242 4 days ago | parent | prev [-] |
| Cobalt strike is just an automated script kiddie really. It's a way for red teamers to catch low hanging fruit. And because of that, there's not so much low hanging fruit anyway. |
|