Nmap Development mailing list archives
Re: [NSE] ASN
From: David Fifield <david () bamsoftware com>
Date: Fri, 5 Sep 2008 21:54:41 -0600
On Sat, Sep 06, 2008 at 01:29:18AM +0100, jah wrote:
On 04/09/2008 05:27, Michael Pattrick wrote:Responding with amazing speed, Team Cymru says: These should really be in separate zones... I went ahead and put the peer data in peer-nmap instead.Aye! Attached is an updated ASN.nse which takes full advantage of those changes. It uses the nmap and peer-nmap zones and combines the answers into unique BGPs to reduce unnecessary output. It uses the nmap6 zone for IPv6 queries - I've included functions from ipOps [1] and a patched [2] dns.reverse() to make IPv6 queries (which are cool) possible. Answers are displayed ordered by ascending BGP size which looks better than the jumble they were before and you get the most specific info first. The excellent dns library is used to send queries and decode the result and which also means that supplying a dns server as a script-arg is not usually necessary (unless you happen to be -6 scanning from a windows XP box). It performs an ASN to AS Description lookup for all origin AS numbers as suggested by David. This, remember, requires extra queries using "asn.cymru.com" and not one of the zones set aside for nmap, but I can't see a problem doing so and the information is worth the trouble.
This looks really good. I have checked in the new ipOps.lua and ASN.nse, and the patch to dns.lua. I modified ASN.nse and whois.nse to use the library instead of duplicating the functions. It appears to work okay but I'd like you to check my work. I was surprised once when a function I deleted out of the *** UTILITY FUNCTIONS *** section wasn't in ipOps (get_prefix_length). I left it duplicated in both scripts. I found two functions in ipOps.nse that don't appear to be used anywhere: todword and get_parts_as_number. Am I right that they are unused, or did I miss something? I guess they were in the old ipOps, but if we don't use them let's get rid of them. Especially as todword doesn't support IPv6 addresses. Why did you have compare_ip take two addresses and an operator? Maybe there's a good reason for it. I would have expected the function to return negative, zero, or positive like strcmp. If you scan a whole netblock with ASN.nse you get a ton of the same answers. Is there a way to make it say "See the result for" like whois.nse does? Anyway, please check that I integrated everything correctly. This has been a lot of work over a few months. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] ASN made more robust and documented - much more to do. jah (Aug 15)
- Re: [NSE] ASN made more robust and documented - much more to do. David Fifield (Aug 29)
- Message not available
- Message not available
- Re: [NSE] ASN made more robust and documented - much more to do. jah (Sep 01)
- Re: [NSE] ASN made more robust and documented - much more to do. David Fifield (Sep 03)
- Re: [NSE] ASN made more robust and documented - much more to do. jah (Sep 03)
- Re: [NSE] ASN made more robust and documented - much more to do. Michael Pattrick (Sep 03)
- Re: [NSE] ASN made more robust and documented - much more to do. David Fifield (Sep 03)
- Re: [NSE] ASN made more robust and documented - much more to do. jah (Sep 03)
- Re: [NSE] ASN made more robust and documented - much more to do. Michael Pattrick (Sep 03)
- Re: [NSE] ASN jah (Sep 05)
- Re: [NSE] ASN David Fifield (Sep 05)
- Re: [NSE] ASN David Fifield (Sep 05)
- Re: [NSE] ASN jah (Sep 06)
- Re: [NSE] ASN jah (Sep 06)
- Re: [NSE] ASN David Fifield (Sep 16)
- Re: [NSE] ASN jah (Sep 06)
- Message not available
- Re: [NSE] ASN ipOps and whois jah (Sep 06)
- Re: [NSE] ASN made more robust and documented - much more to do. David Fifield (Aug 29)