Nmap Development mailing list archives
[NSE Script] Tor Node Checker
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 10 Oct 2007 15:37:05 -0500
Hi everyone!Hopefully I didn't get you excited and in hopes of a really awesome tor node script, but if I did then I hope you'll be happy with this :)
I've used tor quite a bit, but I mainly don't since it's so slow. I decided I would, however, like a tor node checking script.
But as we all know here on nmap-dev, I'm not perfect :) Hopefully this will be a good starting ground for others to make a really great script for this.
There are tor service matches in Service Detection, so that makes this script easy when it's employed and matched. However, I wanted to add other tests for systems that are *probably* nodes. This is what this script needs to be really great, since I doubt I've covered enough.
Tor nodes on "tor network status" sites have a lot of ports 9001 and 9030 that are open, but don't match "tor" or "tor-info" (they tend to just be left "unknown"). So I check if they're both open and say it looks like one if so. Should I check for "unknown" for both of these?
These (and others) should be good when version detection isn't run.I hope you guys like the idea of this script and would like to make it cooler. Please let me know what you think! :)
Thanks, Kris Katterjohn
-- Look at the target system and determine (guess) if it's a Tor node -- 10/10/2007 id = "Tor Node" description = "Check if the target is a Tor node" author = "Kris Katterjohn <katterjohn () gmail com>" license = "Look at Nmap's COPYING" categories = {"discovery"} -- If port 9001 is "tor", 9030 is "tor-info" and/or both ports are open hostrule = function(host, port) local p9001 = nmap.get_port_state(host, {number=9001, protocol="tcp"}) local p9030 = nmap.get_port_state(host, {number=9030, protocol="tcp"}) if p9030 ~= nil and p9030.state == "open" then if p9030.service == "tor-info" then return true elseif p9001 ~= nil and p9001.state == "open" then return true end elseif p9001 ~= nil and p9001.state == "open" and p9001.service == "tor" then return true end end action = function(host, port) return "Looks like a Tor node" end
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE Script] Tor Node Checker Kris Katterjohn (Oct 10)