Re: [NSE] ASN

[David Fifield <david () bamsoftware com>]

On Sat, Sep 06, 2008 at 01:29:18AM +0100, jah wrote:
> On 04/09/2008 05:27, Michael Pattrick wrote:
> > Responding with amazing speed, Team Cymru says:
> >
> > These should really be in separate zones... I went ahead and put the peer
> > data in peer-nmap instead.
>
> Aye!  Attached is an updated ASN.nse which takes full advantage of those
> changes.
>
> It uses the nmap and peer-nmap zones and combines the answers into
> unique BGPs to reduce unnecessary output.
> It uses the nmap6 zone for IPv6 queries - I've included functions from
> ipOps [1] and a patched [2] dns.reverse() to make IPv6 queries (which
> are cool) possible.
> Answers are displayed ordered by ascending BGP size which looks better
> than the jumble they were before and you get the most specific info first.
> The excellent dns library is used to send queries and decode the result
> and which also means that supplying a dns server as a script-arg is not
> usually necessary (unless you happen to be -6 scanning from a windows XP
> box).
> It performs an ASN to AS Description lookup for all origin AS numbers as
> suggested by David.  This, remember, requires extra queries using
> "asn.cymru.com" and not one of the zones set aside for nmap, but I can't
> see a problem doing so and the information is worth the trouble.

This looks really good. I have checked in the new ipOps.lua and ASN.nse,
and the patch to dns.lua. I modified ASN.nse and whois.nse to use the
library instead of duplicating the functions. It appears to work okay
but I'd like you to check my work. I was surprised once when a function
I deleted out of the *** UTILITY FUNCTIONS *** section wasn't in ipOps
(get_prefix_length). I left it duplicated in both scripts.

I found two functions in ipOps.nse that don't appear to be used
anywhere: todword and get_parts_as_number. Am I right that they are
unused, or did I miss something? I guess they were in the old ipOps, but
if we don't use them let's get rid of them. Especially as todword
doesn't support IPv6 addresses.

Why did you have compare_ip take two addresses and an operator? Maybe
there's a good reason for it. I would have expected the function to
return negative, zero, or positive like strcmp.

If you scan a whole netblock with ASN.nse you get a ton of the same
answers. Is there a way to make it say "See the result for" like
whois.nse does?

Anyway, please check that I integrated everything correctly. This has
been a lot of work over a few months.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org