:: umit; adding options ::


First of all

The files related to this magic that are worth to note: options.xml, profile_editor.xml and wizard.xml. They should be at umit main dir root. If they're not there, try to find where they were installed.

For this task you don't need to know about programming, but you should know a little bit of xml. If you don't, be careful: one mistake and UMIT could not run properly. Make your best following the file syntax.

Here is a piece of xml at options.xml:

<?xml version="1.0"?>

<nmap_options>
   <option name="FTP bounce attack"
     option="-b %s"
     hint="Try to use a given FTP server as proxy"
     arguments="Host in standard URL notation: username:password@server:port"
     need_root="0"/>

   <option name="ACK scan"
     option="-sA"
     hint="Try to discover firewall rulesets"
     arguments=""
     need_root="1"/>

   <option name="FIN scan"
     option="-sF"
     hint="Stealth FIN scan mode"
     arguments=""
     need_root="1"/>
</nmap_options>

And here, the piece we should look more carefully:

   <option name="FTP bounce attack"
     option="-b %s"
     hint="Try to use a given FTP server as proxy"
     arguments="Host in standard URL notation: username:password@server:port"
     need_root="0"/>

That's an nmap option! The tag <option> defines a nmap option that can be used by UMIT with the information needed to properly generate and show commands.About the arguments:

Working example :

   <option name="Max Retries"
     option="--max_retries %s"
     hint="Limit the maximum number of retransmissions the port scan engine should do"
     arguments="The number of retransmissions"
     need_root="0"/>

This is a brand new nmap option. Let's make UMIT display it at it's interface...

Profile Editor

As said before, profile_editor.xml is the file that defines Profile Editor window options and organization. This file has a diferent structure when compared to options.xml.

This xml have this structure:

<xml version="1.0"?>

<interface>

   <groups>
      <group name="Scan"/>
   </groups>

   <Scan label='Scan options'>
      <option_list label="TCP scan: ">
         <option name="None"/>
         <option name="ACK scan"/>
         <option name="FIN scan"/>
         <option name="Null Scan"/>
         <option name="TCP SYN Scan"/>
         <option name="TCP connect Scan"/>
         <option name="Window Scan"/>
         <option name="Xmas Tree"/>
      </option_list>

      <option_check label="Idle Scan (Zombie)" option="Idle Scan" arg_type="str"/>
      <option_check label="Scan random hosts" option="Scan random hosts" arg_type="int"/>

   </Scan>

</interface>

This example is not the real file. There is only the main tags that I need to explain. The root tag is 'interface'. This tag needs no argument. So, it's not worth to mention. The tag 'groups' follows, and inside it we define the groups that the Profile Editor window should display. Each 'group' tag define a new tab at Profile Editor. The argument 'name' is used in two distinct situations: at the label of the tab and at the tag that defines it's content in this xml. UMIT's original profile_editor.xml has the group with name 'Scan'. If you look at the UMIT Interface, inside Profile Editor window, you'll see that there is a tab with this name. The content of this tab is defined above, inside the tag 'Scan'.

Defining tab content

Inside a tab we can define which options we want to show and the sequence they will be arranged. UMIT arrange options following the sequence of options at profile_editor.xml. Simple, isn't it?

Adding options

Each option has it's own behavior. Some of them, works with arguments, others, works only with integer arguments, and some require a path to a file. There is two distinct tags that defines all this behavior: option_list and option_check.

option_list

Some options are exclusive. They just can't be used together. In this case, we can create a list of options. At the interface, will appear a drop down list with some options to choose. This way you can only use one per time.


There are option lists at 'TCP Scan', 'Special Scans' and 'Timing'.

To define a option list, follow the sintax above:

   <option_list label="TCP scan: ">
      <option name="None"/>
      <option name="ACK scan"/>
      <option name="FIN scan"/>
      <option name="Null Scan"/>
      <option name="TCP SYN Scan"/>
   </option_list>

We create a new option list creating a new 'option_list' tag. The argument 'label' at 'option_list' tag define the label that should appear at the interface. Inside this tag, we define which options should be listed in the drop down menu. The tag that define these options is the 'option' tag and the argument 'name' define which option at options.xml we want to use. No big deal, uh?

option_check

Almost every option can be expressed with this tag. Options that require integer, strings and even paths as arguments can be easily defined within this tag.

The main 'option_check' tag arguments are: 'label', that defines the text that will be shown at the option; 'option', with the name of the option at options.xml that we are setting; 'arg_type', defining which kind of argument this option should receive.

Types of options:

Setting a new option on Profile Editor

We saved the option 'Max Retries' at options.xml. Now, we're going to make it appear at Profile Editor window. As we now, this option require a numerical argument, that is the number of retransmitions that the scan engine should do.

Find the tab you wish to add this brand new option, and add this tag:

   <option_check label='Maximum Retries' option='Max Retries' arg_type='int'>

Restart UMIT, and see what happened! ;-)

Adding this option to the Wizard

The wizard.xml file has the same sintax explained at profile_editor.xml. So, to add this option to Wizard interface, find the step you want to add the new option, and add the same 'option_check' you added at profile_editor.xml.



Contacting me:


Adriano Monteiro Marques
December 30th 2005
Goiania - Brazil


SourceForge.net Logo