Nmap Development mailing list archives
Re: Thoughts on script documentation
From: Ron <ron () skullsecurity net>
Date: Thu, 18 Nov 2010 07:48:10 -0600
This makes me think of another feature I've talked about before but that nobody's taken the reins on: the ability to update scripts without updating Nmap. Telling people to "download the svn" to get the newest scripts isn't always realistic, especially with Windows users, and stable builds can be months apart. Having the ability to download the newer nselib/script files in some way would be handy.

Of course, talking about it doesn't help. Somebody needs to actually *do* it.

Ron

On Wed, 17 Nov 2010 22:42:47 -0600 Daniel Miller <bonsaiviking () gmail com> wrote:

> Hi, list,
>
> This forwarded conversation got me thinking, should there be a "minimum version" for scripts? To sum up, the wdb-version script I wrote requires a line in nmap-rpc, which is not documented anywhere, but that was added in the same revision as the script itself. Other scripts rely on features or configs that are not present before a certain revision. Should this be documented for those who download the script from the NSE doc site?
>
> Dan
>
> ---------- Forwarded message ----------
> From: John Larson <jlarson () qualys com>
> Date: Wednesday, November 17, 2010
> Subject: Questions about nmap wdb-version script
> To: Daniel Miller <bonsaiviking () gmail com>
>
> Hi Daniel,
>
> I got it working finally (see below). Is the fact that the line
>
>     wdb 1431655765 # Wind River Debugger (VxWorks)
>
> is required in nmap-rpc for the wdb-version script to work documented anywhere? This key info isn't documented either in the comment section of your script, or on http://nmap.org/nsedoc/scripts/wdb-version.html.
>
> Thanks,
> John
>
> -----------------------------------------------------
> sudo nmap -sU -p 17185 --script wdb-version 10.10.31.45
>
> Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-11-17 12:49 PST
> Nmap scan report for 10.10.31.45
> Host is up (0.0025s latency).
> PORT      STATE SERVICE
> 17185/udp open  wdb
> | wdb-version:
> | VULNERABLE: Wind River Systems VxWorks debug service enabled. See http://www.kb.cert.org/vuls/id/362332
> | Agent version: 2.0
> | VxWorks version: 5.4
> | Board Support Package: i-2-eye DVC1000 - ARM9TDMI
> _ Boot line: |wingnut:KauriCore
>
> Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds
>
> -----Original Message-----
> From: Daniel Miller [mailto:bonsaiviking () gmail com]
> Sent: Wednesday, November 17, 2010 11:12 AM
> To: John Larson
> Subject: Re: Questions about nmap wdb-version script
>
> John,
>
> It will work with the latest subversion build, see http://nmap.org/book/install.html#inst-svn
>
> The latest development release, 5.35DC1, still does not have the updated nmap-rpc file. The script should still work, though, if you edit your nmap-rpc file to contain the line I mentioned, or download the latest one directly from http://nmap.org/svn/nmap-rpc
>
> Dan
>
> On 11/17/2010 11:26 AM, John Larson wrote:
> > Daniel,
> >
> > If I interpret your message correctly, things should work ok with a normal install of the latest version of nmap? If so, I will just download a new version and try again.
> >
> > Seems like there might be a bug in the script since this was a silent failure. It would have been very helpful to me if the script could have raised an error message rather than silently failing to work.
> >
> > Thanks,
> > John
> >
> > On Wed, Nov 17, 2010 at 7:56 AM, Daniel Miller <bonsaiviking () gmail com> wrote:
> > > John,
> > >
> > > The problem is that the script requires an entry in the nmap-rpc file, like so:
> > >
> > >     wdb 1431655765 # Wind River Debugger (VxWorks)
> > >
> > > This change is included in the svn revision that added the script itself. Since you are running 5.21, without this line, the script does not run, so the packets you are seeing are just nmap's null probes to determine if the port is open or not.
> > >
> > > Another note, since some devices do not respond to pings, even Nmap's default "ping" sequence, I use the -Pn (skip host discovery) flag when scanning for a single port, since if the host won't respond to that port, I don't care if it is up or not. This can actually slow down a UDP scan, since no reply is interpreted as open, but for this particular script, it only adds one additional UDP packet and timeout.
> > >
> > > Dan
> > >
> > > On 11/16/2010 08:54 PM, John Larson wrote:
> > > > Daniel,
> > > >
> > > > Below is all the data for the Metasploit and nmap runs (incl. actual wdb-version script being run) with wireshark data captures attached
> > > >
> > > > Metasploit command output
> > > >
> > > > msf auxiliary(wdbrpc_bootline)> use auxiliary/scanner/vxworks/wdbrpc_version
> > > > msf auxiliary(wdbrpc_version)> set RHOSTS 10.10.31.45/32
> > > > RHOSTS => 10.10.31.45/32
> > > > msf auxiliary(wdbrpc_version)> set RHOST 10.10.31.45
> > > > RHOST => 10.10.31.45
> > > > msf auxiliary(wdbrpc_version)> run
> > > > [*] 10.10.31.45: 5.4 i-2-eye DVC1000 - ARM9TDMI wingnut:KauriCore
> > > > [*] Scanned 1 of 1 hosts (100% complete)
> > > > [*] Auxiliary module execution completed
> > > > msf auxiliary(wdbrpc_version)>
> > > >
> > > > nmap command output
> > > >
> > > > sudo nmap -sU -p 17185 --script-trace --script wdb-version 10.10.31.45
> > > >
> > > > Starting Nmap 5.21 ( http://nmap.org ) at 2010-11-16 18:40 PST
> > > > NSOCK (0.3310s) nsock_loop() started (timeout=50ms). 0 events pending
> > > > NSE: Script Scanning completed.
> > > > Nmap scan report for 10.10.31.45
> > > > Host is up (0.0023s latency).
> > > > PORT      STATE         SERVICE
> > > > 17185/udp open|filtered wdbrpc
> > > >
> > > > Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
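
The dependency discussed in this message can be checked before a scan instead of failing silently. The following is an added example, not part of the original post or of Nmap: it parses nmap-rpc-style text and reports which entries a script needs but the file lacks. The `SCRIPT_REQUIRES` table and both sample files are assumptions constructed for illustration; only the `wdb 1431655765` line comes from the thread.

```python
# Constructed excerpts in /etc/rpc-style format (name, program number,
# optional aliases, optional "#" comment). Not the real nmap-rpc file.
OLD_NMAP_RPC = """\
# constructed sample: a data file from before the script was added
rpcbind   100000  portmap sunrpc
nfs       100003  nfsprog
"""
# Same file with the line quoted in the thread appended.
NEW_NMAP_RPC = OLD_NMAP_RPC + "wdb 1431655765 # Wind River Debugger (VxWorks)\n"

# Hypothetical per-script requirements table. The thread only proposes
# documenting such dependencies; Nmap does not define this structure.
SCRIPT_REQUIRES = {"wdb-version": [("wdb", 1431655765)]}


def parse_rpc(text):
    """Return {program_number: name}, skipping comments and malformed lines."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].isdigit():
            table[int(fields[1])] = fields[0]
    return table


def missing_requirements(script, rpc_text):
    """List human-readable problems that would keep `script` from running."""
    table = parse_rpc(rpc_text)
    problems = []
    for name, number in SCRIPT_REQUIRES.get(script, []):
        found = table.get(number)
        if found is None:
            problems.append(f"{script}: nmap-rpc has no entry for program "
                            f"{number}; add the line '{name} {number}'")
        elif found != name:
            problems.append(f"{script}: program {number} is named "
                            f"'{found}', expected '{name}'")
    return problems


if __name__ == "__main__":
    for label, text in (("old", OLD_NMAP_RPC), ("new", NEW_NMAP_RPC)):
        print(label, missing_requirements("wdb-version", text) or "ok")
```
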
Current thread:
- Thoughts on script documentation Daniel Miller (Nov 17)
- Re: Thoughts on script documentation Ron (Nov 18)
- Re: Thoughts on script documentation Rob Nicholls (Nov 18)
- Re: Thoughts on script documentation Fyodor (Nov 19)
- Re: Thoughts on script documentation Rob Nicholls (Nov 19)
- Re: Thoughts on script documentation Fyodor (Nov 19)
- RE: Thoughts on script documentation Rob Nicholls (Nov 20)
- Re: Thoughts on script documentation 'Fyodor' (Nov 20)
- Re: Thoughts on script documentation Rob Nicholls (Nov 18)
- Re: Thoughts on script documentation Ron (Nov 18)
- Re: Thoughts on script documentation Martin Holst Swende (Dec 10)