Nmap Development mailing list archives
Re: [NSE] ASN
From: jah <jah () zadkiel plus com>
Date: Sat, 06 Sep 2008 01:29:18 +0100
On 04/09/2008 05:27, Michael Pattrick wrote:
> Responding with amazing speed, Team Cymru says:
>
> These should really be in separate zones... I went ahead and put the peer data in peer-nmap instead. There is also an IPv6 zone:
> nmap6
> peer-nmap6 - does not exist at this time
> ---
>
> This should fix the problem and we got an extra feature out of it, double plus good!
Aye!

Attached is an updated ASN.nse which takes full advantage of those changes.

It uses the nmap and peer-nmap zones and combines the answers into unique BGPs to reduce unnecessary output.

It uses the nmap6 zone for IPv6 queries - I've included functions from ipOps [1] and a patched [2] dns.reverse() to make IPv6 queries (which are cool) possible.

Answers are displayed ordered by ascending BGP size which looks better than the jumble they were before and you get the most specific info first.

The excellent dns library is used to send queries and decode the result, which also means that supplying a dns server as a script-arg is not usually necessary (unless you happen to be -6 scanning from a Windows XP box).

It performs an ASN to AS Description lookup for all origin AS numbers as suggested by David. This, remember, requires extra queries using "asn.cymru.com" and not one of the zones set aside for nmap, but I can't see a problem doing so and the information is worth the trouble.

Examples:

Host script results:
| AS Numbers:
| BGP: 64.13.128.0/21 | Country: US
| Origin AS: 10565 SVCOLO-AS - Silicon Valley Colocation, Inc.
| Peer AS: 3561 6461
| BGP: 64.13.128.0/18 | Country: US
| Origin AS: 10565 SVCOLO-AS - Silicon Valley Colocation, Inc.
|_ Peer AS: 174 2914 6461

In this example we have 3 queries which resulted in peer and origin asn answers for each of the two BGP prefixes (4 answers) plus one answer for the description of AS10565.

Another example shows a multiple origin answer:

Host script results:
| AS Numbers:
| BGP: 130.195.0.0/16 | Country: NZ
| Origin AS: 4763 - TELSTRANZ-AS TelstraClear Ltd
| Origin AS: 23905 - VUW-AS-AP Victoria University of Wellington
|_ Peer AS: 9901 38022

This one shows a good reason to group the information by BGP:

Host script results:
| AS Numbers:
| BGP: 69.33.44.0/22 | Country: US
| Origin AS: 4565 MEGAPATH2-US - MegaPath Networks Inc.
| BGP: 69.33.0.0/16 | Country: US
|_ Peer AS: 174 2516 2828 2914 3356 3549 7132 7473 11164 11537

The query for this target at peer-nmap returned information relating to 69.33.0.0/16 whilst the origin ASN is for 69.33.44.0/22.

Another reason to group by BGP - two different BGP origins:

Host script results:
| AS Numbers:
| BGP: 219.150.120.0/24 | Country: CN
| Origin AS: 17785 CHINATELECOM-HA-AS-AP asn for Henan Provincial Net of CT
| Peer AS: 4134
| BGP: 219.150.112.0/20 | Country: CN
| Origin AS: 4134 CHINANET-BACKBONE No.31,Jin-rong Street
|_ Peer AS: 174 703 1239 1299 2828 2914 3257 3320 3356 3491 3549 7132 11164 17888

IPv6:

Host script results:
| AS Numbers:
| BGP: 2001:200:c000::/35 | Country: JP
| Origin AS: 23634 - E-DNS-JP WIDE Project
| BGP: 2001:200:e000::/35 | Country: JP
| Origin AS: 7660 - APAN-JP Asia Pacific Advanced Network - Japan
| BGP: 2001:200:a000::/35 | Country: JP
| Origin AS: 4690 - WIDE-MEXP WIDE Project
| BGP: 2001:200::/32 | Country: JP
|_ Origin AS: 2500 - WIDE-BB WIDE Project

Regards,

jah

[1] - http://seclists.org/nmap-dev/2008/q3/0226.html
[2] - http://seclists.org/nmap-dev/2008/q3/att-0336/dns_lua_patch
Attachment:
ASN.nse.gz
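The grouping described in the message above (origin and peer answers merged into one entry per unique BGP prefix, most specific prefix first) together with the reversed IPv4/IPv6 query names, as an added Python example that is not taken from ASN.nse. Assumptions: the nmap, peer-nmap and nmap6 zones sit under asn.cymru.com, TXT answers are pipe-delimited as "AS list | prefix | country | ...", the function names are hypothetical, and the sample answers are constructed (their registry and date fields are placeholders).

```python
import ipaddress

CYMRU_SUFFIX = "asn.cymru.com"  # assumption: the zones live under this domain

def query_name(ip, zone_v4="nmap", zone_v6="nmap6"):
    """Reverse the address (octets for IPv4, nibbles for IPv6), append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels, zone = str(addr).split(".")[::-1], zone_v4
    else:
        labels, zone = list(addr.exploded.replace(":", ""))[::-1], zone_v6
    return ".".join(labels + [zone, CYMRU_SUFFIX])

def parse_answer(txt):
    """Split 'AS [AS ...] | prefix | CC | ...' into (as_list, network, country)."""
    fields = [f.strip() for f in txt.split("|")]
    return fields[0].split(), ipaddress.ip_network(fields[1]), fields[2]

def combine(origin_txts, peer_txts):
    """One entry per unique BGP prefix, ordered by ascending prefix size."""
    by_bgp = {}
    for kind, answers in (("origin", origin_txts), ("peer", peer_txts)):
        for txt in answers:
            as_list, net, cc = parse_answer(txt)
            entry = by_bgp.setdefault(net, {"country": cc, "origin": [], "peer": []})
            for asn in as_list:
                if asn not in entry[kind]:  # drop duplicate AS numbers
                    entry[kind].append(asn)
    return sorted(by_bgp.items(), key=lambda kv: kv[0].num_addresses)

def render(groups):
    """Format the groups in the per-BGP layout shown in the message."""
    lines = []
    for net, e in groups:
        lines.append(f"BGP: {net} | Country: {e['country']}")
        lines += [f"  Origin AS: {asn}" for asn in e["origin"]]
        if e["peer"]:
            lines.append("  Peer AS: " + " ".join(e["peer"]))
    return lines

# Constructed sample answers (AS numbers and prefixes follow the examples in the message).
SAMPLE_ORIGIN = ["4565 | 69.33.44.0/22 | US | arin | 2000-01-01",
                 "10565 | 64.13.128.0/21 | US | arin | 2000-01-01"]
SAMPLE_PEER = ["174 2516 2828 | 69.33.0.0/16 | US | arin | 2000-01-01",
               "3561 6461 | 64.13.128.0/21 | US | arin | 2000-01-01"]

if __name__ == "__main__":
    print(query_name("69.33.44.1"), query_name("2001:200::1"), sep="\n")
    print("\n".join(render(combine(SAMPLE_ORIGIN, SAMPLE_PEER))))
```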