Nmap Development mailing list archives
Re: nmap-dev Digest, Vol 72, Issue 54
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Wed, 23 Mar 2011 19:03:48 +0200
How do you think nmap could benefit from using CUDA? I was thinking about this possibility earlier, but was not able to put my finger on it.

On Wed, Mar 23, 2011 at 5:00 PM, Kamal Banga <banga.kamal () gmail com> wrote:

I am a second year CSE student. I have seen that many a time nmap users have to do intense scans. I know CUDA and a bit about multithreaded programming. How about developing multithreaded code for nmap? And after all, it will be a brand image for nmap, as nowadays software uses it. Like Matlab, which is available as both single- and multi-threaded applications.

Kamal

On Wed, Mar 23, 2011 at 4:52 AM, <nmap-dev-request () insecure org> wrote:

Send nmap-dev mailing list submissions to
    nmap-dev () insecure org

To subscribe or unsubscribe via the World Wide Web, visit
    http://cgi.insecure.org/mailman/listinfo/nmap-dev
or, via email, send a message with subject or body 'help' to
    nmap-dev-request () insecure org

You can reach the person managing the list at
    nmap-dev-owner () insecure org

When replying, please edit your Subject line so it is more specific than "Re: Contents of nmap-dev digest..."

Today's Topics:

   1. Re: [NSE] Draft - targets-sniffer.nse (Toni Ruottu)
   2. Re: [NSE] Draft - targets-sniffer.nse (Nick Nikolaou)
   3. Re: [NSE] SSL Fingerprint Matching (David Fifield)
   4. Re: [NSE] Draft - targets-sniffer.nse (Patrick Donnelly)
   5. Information about IPv6 project. (Nikhil Jindal)
   6. Retrieving the current time via ICMP type 14 (Chris Datfung)
   7. Re: Retrieving the current time via ICMP type 14 (jaydeep)
   8. Default user agent patch (Hani Benhabiles)

----------------------------------------------------------------------

Message: 1
Date: Tue, 22 Mar 2011 21:17:39 +0200
From: Toni Ruottu <toni.ruottu () iki fi>
Subject: Re: [NSE] Draft - targets-sniffer.nse
To: Nick Nikolaou <nikolasnikolaou1 () gmail com>
Cc: nmap-dev () insecure org
Message-ID: <AANLkTinmWRG9wqtoWntVtwajeaxXAVf8sn13o4j040od () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

This thing is cool! It fails unless you are root, for understandable reasons. Do we have some kind of policy for scripts that require root?

I think there should be a way for scripts to report this to nmap, and nmap should probably abort the scan if the user has requested root features while being non-root. I am not sure if this is possible at the moment. I am not sure I understand the big picture. It would be useful for the final version to take a filter argument that is used to filter out noise. Maybe we want to scan all services that one host is accessing, or maybe we want to scan all hosts that are accessing some service. I think there are some standard languages for defining such packet filtering. We should probably implement them in a library rather than in each script specifically. What filtering languages do we want to use? Do we already have support for one of them?

On Tue, Mar 22, 2011 at 8:44 PM, Nick Nikolaou <nikolasnikolaou1 () gmail com> wrote:
> Hello everyone,
>
> Attached is a draft of a targets-sniffer script. The script sniffs for a configured amount of time and adds addresses from packets it sees in newtargets. (https://secwiki.org/w/Nmap_Script_Ideas#targets-sniffer)
>
> The script still needs work but I was hoping to get some feedback from the list.
>
> Example usage:
>
>   nmap -sL --script targets-sniffer.nse --script-args=newtargets
>
> This will perform a list scan on the IP addresses it sniffs, ignoring duplicates and broadcasts. (You can use -d to see the IP addresses as they are sniffed.)
>
> *Issues that need to be resolved:*
>
> 1) The sniffing interface is hard-coded at the moment. Is there a way to get the active interface in a prerule script? Alternatively I could change the rule to a hostrule (and maybe a high enough runlevel to ensure the script runs first?).
>
> 2) The pcap socket doesn't time out. The only way I got it to time out was to set the timeout value to <=1s. Even then, if it sniffed a packet it wouldn't time out. I ended up using a temporary nmap.clock() based solution in order to test the script.
>
> 3) I'm not really happy with the way the script extracts the IP addresses from the packets at the moment.
>
> 4) Any other issues you find.
>
> Thanks for any feedback.
>
> Nick
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

------------------------------

Message: 2
Date: Tue, 22 Mar 2011 19:46:05 +0000
From: Nick Nikolaou <nikolasnikolaou1 () gmail com>
Subject: Re: [NSE] Draft - targets-sniffer.nse
To: Toni Ruottu <toni.ruottu () iki fi>
Cc: nmap-dev () insecure org
Message-ID: <AANLkTikH_v=9n8_ijiweryUYDNm=yh9VMs4efHp1-X0j () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Thanks for the quick replies guys.

> I can't look into the other issues you mention about the script right now, but glancing at it I see you aren't using the Packet nselib. Look at nselib/packet.lua and the various raw packet scripts (ipidseq, qscan, path-mtu, firewalk) to see how to use it (the nselib provides more than what scripts use right now IIRC).

> For this you should use the packet library: http://nmap.org/nsedoc/lib/packet

Thanks. I did see other scripts using the Packet library but I was having trouble getting the IP addresses. I guess I have some more reading to do.

> We don't have a way for scripts to get the list of interfaces, but Djalal has a patch to do it: http://seclists.org/nmap-dev/2011/q1/291. It hasn't been added yet because there isn't a script to use it, but you can make it a part of your patch if it helps.

I'll see if/how I could incorporate that, thanks.

On 22 March 2011 19:17, Toni Ruottu <toni.ruottu () iki fi> wrote:
> It fails unless you are root, for understandable reasons.

I forgot to mention that. I'll make sure I add it to the description field.

Nick

On 22 March 2011 19:17, Toni Ruottu <toni.ruottu () iki fi> wrote:
> This thing is cool! It fails unless you are root, for understandable reasons. Do we have some kind of policy for scripts that require root?
> [...]

------------------------------

Message: 3
Date: Tue, 22 Mar 2011 12:47:01 -0700
From: David Fifield <david () bamsoftware com>
Subject: Re: [NSE] SSL Fingerprint Matching
To: Mak Kolybabi <mak () kolybabi com>
Cc: nmap-dev <nmap-dev () insecure org>
Message-ID: <20110322194700.GW27978 () gusto bamsoftware com>
Content-Type: text/plain; charset=us-ascii

On Sun, Mar 20, 2011 at 10:13:40PM -0500, Mak Kolybabi wrote:
> On 2011-02-22 13:24, David Fifield wrote:
>> To save space, how about storing hashes in the database without colons separating bytes? They can continue to be shown in output.
>
> The script now has a function that adds the colons back in when the file is read in.
>
>> The output looks like this:
>>
>>   |_ssl-known-key: 00:28:E7:D4:9C:FA:4A:A5:98:4F:E4:97:EB:73:48:56:07:87:E4:96 is in the database with reason Little Black Box 0.1.
>>
>> Please change it to be
>>
>>   |_ssl-known-key: Found in Little Black Box 0.1 - http://code.google.com/p/littleblackbox/ (certificate hash: 00:28:E7:D4:9C:FA:4A:A5:98:4F:E4:97:EB:73:48:56:07:87:E4:96)
>>
>> This will give users a little more context if they don't know what the script is for.
>
> The script output has been flipped around to match the second format.
>
>> Related to that, it would be nice if the description string didn't have to be repeated for hashes with the same description. Could the data file be reworked into something like this:
>>
>>   [Little Black Box 0.1 - http://code.google.com/p/littleblackbox/]
>>   00:28:E7:D4:9C:FA:4A:A5:98:4F:E4:97:EB:73:48:56:07:87:E4:96
>>   00:3A:E5:45:D6:9C:47:FB:1C:C2:53:59:AA:D7:54:62:D6:D7:89:90
>>   00:3C:F1:AB:48:B4:6C:41:5E:48:15:10:3F:F8:28:AC:7C:60:D5:51
>
> The script has been changed to accept sections in square brackets. Any fingerprint before the first section is ignored and a warning is printed.

Thanks for finishing this and for writing the script in the first place. It's always a pleasure to work with your code. I've just committed it.

David Fifield

------------------------------

Message: 4
Date: Tue, 22 Mar 2011 15:53:56 -0400
From: Patrick Donnelly <batrick () batbytes com>
Subject: Re: [NSE] Draft - targets-sniffer.nse
To: Toni Ruottu <toni.ruottu () iki fi>
Cc: Nick Nikolaou <nikolasnikolaou1 () gmail com>, nmap-dev () insecure org
Message-ID: <AANLkTik5P4UgM2Z8m5uR5n4fLmcu9pNdcUakNRUcu2ER () mail gmail com>
Content-Type: text/plain; charset=UTF-8

On Tue, Mar 22, 2011 at 3:17 PM, Toni Ruottu <toni.ruottu () iki fi> wrote:
> This thing is cool! It fails unless you are root, for understandable reasons. Do we have some kind of policy for scripts that require root?

Well, ideally you would just throw an error in the script if you don't have root, something like:

  if not nmap.is_privileged() then error "i require r00t" end

we could even make that an (empty) module to require:

  require "root"

I think in the past it was decided that errors thrown this way can't be used because it ends up aborting the entire scan. In earlier versions of NSE, this would actually occur in the middle of a scan, which made it *really* annoying. Now we have NSE loaded at Nmap startup so this isn't quite as big an issue. I myself would like to see these types of errors ignored by NSE (as in, "the script isn't broken, but it can't run for X reason").

Currently, as an example, we have these awkward constructions in mysql-brute.nse:

  -- ripped from ssh-hostkey.nse
  -- openssl is required for this script
  if not pcall(require, "openssl") then
    portrule = function() return false end
    action = function() end
    stdnse.print_debug(3, "Skipping %s script because OpenSSL is missing.", SCRIPT_NAME)
    return
  end

I think it should be possible to modify (hook) require so that these types of errors remain silent (except with debugging == 3).

> I think there should be a way for scripts to report this to nmap, and nmap should probably abort the scan if the user has requested root features while being non-root. I am not sure if this is possible at the moment. I am not sure I understand the big picture.

We could make it so if a user requests a script "by name" that Nmap aborts the scan when a required feature is missing, e.g. openssl or r00t. This is similar to how we increase the verbosity when the script is specified "by name" on the command line.

--
- Patrick Donnelly

------------------------------

Message: 5
Date: Wed, 23 Mar 2011 02:16:23 +0530
From: Nikhil Jindal <dcenikhil () gmail com>
Subject: Information about IPv6 project.
To: nmap-dev () insecure org
Message-ID: <AANLkTi=Fp5G7DBaftQTbyq7mbYcpL_MJhbtHZgU5f-4W () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I am Nikhil Jindal, pursuing a B.Tech in Information Technology. I have a deep interest in networking and I want to work for nmap as a GSoC intern. I have proficiency working with C/C++ and I have worked on the network manager of the Linux kernel. I have also implemented some small projects in networking just out of interest. I would like to know more about this project "IPv6 Expert". Please let me know the requirements that I need to have to be capable of working on this project.

Regards,
Nikhil Jindal

------------------------------

Message: 6
Date: Tue, 22 Mar 2011 23:36:35 +0200
From: Chris Datfung <chris.datfung () gmail com>
Subject: Retrieving the current time via ICMP type 14
To: nmap-dev () insecure org
Message-ID: <AANLkTim_jq1DT1_w9cmB-gbrC+m+G2-apAJi0fbqZWzh () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Can nmap display the current time from a remote host that has ICMP timestamps open? The -PP option does not include this in its output, strangely enough.

Thanks,
Chris

------------------------------

Message: 7
Date: Wed, 23 Mar 2011 04:02:40 +0530
From: jaydeep <jaydeepkhandelwal () gmail com>
Subject: Re: Retrieving the current time via ICMP type 14
To: nmap-dev () insecure org
Message-ID: <AANLkTinfK8YvW=kxwJFwR3CvnmfWzzuLePRi+M1Am4qp () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

nmap also does not provide the victim host name if the victim is on a linux machine.

On Wed, Mar 23, 2011 at 3:06 AM, Chris Datfung <chris.datfung () gmail com> wrote:
> Can nmap display the current time from a remote host that has ICMP timestamps open? The -PP option does not include this in its output, strangely enough.
>
> Thanks,
> Chris
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

--
Jaydeep Khandelwal
Btech 3rd year
IIIT Hyderabad

------------------------------

Message: 8
Date: Wed, 23 Mar 2011 00:22:10 +0100
From: Hani Benhabiles <kroosec () gmail com>
Subject: Default user agent patch
To: nmap-dev () insecure org
Message-ID: <AANLkTikUaevwRK2SY5P3w=3AmCxspyqEH_Vd2xjsSM1V () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hi list,

I've noticed that in the http nselib the default user agent is hard coded as "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"; this could be easily detected by an IDS/IPS.

I've attached a patch that changes it to the user agent of a Firefox 3.6 web browser on a Windows 7 machine. This would make the http traffic generated look more authentic.

Hani

-------------- next part --------------
A non-text attachment was scrubbed...
Name: http.lua.patch
Type: text/x-diff
Size: 685 bytes
Desc: not available
URL: <http://cgi.insecure.org/mailman/private/nmap-dev/attachments/20110323/fc1ae7f0/attachment.bin>

------------------------------

_______________________________________________
nmap-dev mailing list
nmap-dev () insecure org
http://cgi.insecure.org/mailman/listinfo/nmap-dev

End of nmap-dev Digest, Vol 72, Issue 54
****************************************

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
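An added example, not code from the nmap project or from anyone in this thread, showing in one NSE-style script the two mechanics discussed in the quoted digest: the quiet "skip myself if a prerequisite is missing" prelude that Patrick Donnelly describes in message 4 (instead of error(), which aborts the whole scan), and a parser for the sectioned fingerprint file that David Fifield asked for in message 3 (hashes stored without colons under a "[description]" header, colons re-inserted only for display, fingerprints before the first section ignored with a warning). It assumes the NSE API of that era (nmap.is_privileged(), nmap.fetchfile(), stdnse.print_debug(), stdnse.tohex(), shortport.ssl, sslcert.getCertificate(), cert:digest() and the SCRIPT_NAME global); the data file name nselib/data/known-keys.db is hypothetical.

```lua
-- Added example, not code from the nmap project or from anyone in this thread.
-- Assumed NSE API (as it existed around 2011): nmap.is_privileged(),
-- nmap.fetchfile(), stdnse.print_debug(), stdnse.tohex(), shortport.ssl,
-- sslcert.getCertificate() and cert:digest(), plus the SCRIPT_NAME global.
-- "nselib/data/known-keys.db" is a hypothetical data file name.

local nmap      = require "nmap"
local stdnse    = require "stdnse"
local shortport = require "shortport"
local sslcert   = require "sslcert"

description = [[
Checks whether the SHA-1 fingerprint of a server's certificate is in a list
of known (for example factory-default) keys. Added example, not ssl-known-key.
]]
categories = {"safe", "discovery"}

-- Message 4: declare prerequisites up front and skip quietly when one is
-- missing, rather than calling error(), which aborts the whole scan.
-- The reason stays visible to the user at debug level 3 (-d3).
local requirements = {
  { ok = pcall(require, "openssl"), why = "OpenSSL is missing" },
  -- A sniffer-style script (message 1) would add this entry:
  -- { ok = nmap.is_privileged(), why = "raw packet capture requires root" },
}
for _, r in ipairs(requirements) do
  if not r.ok then
    stdnse.print_debug(3, "Skipping %s: %s", SCRIPT_NAME, r.why)
    portrule = function() return false end
    action = function() end
    return
  end
end

-- Message 3: parse a database laid out as
--   [Little Black Box 0.1 - http://code.google.com/p/littleblackbox/]
--   0028E7D49CFA4AA5984FE497EB7348560787E496
-- Hashes are stored without colons; colon-separated lines are accepted too.
-- Fingerprints before the first [section] are ignored with a warning.
-- Returns a table mapping lowercase hex digest -> section description.
local function load_db(path)
  local f = io.open(path, "r")
  if not f then return nil, "cannot open " .. path end
  local db, section, ignored = {}, nil, 0
  for line in f:lines() do
    line = line:gsub("^%s+", ""):gsub("%s+$", "")
    if line == "" or line:sub(1, 1) == "#" then
      -- blank line or comment: nothing to do
    elseif line:match("^%[.+%]$") then
      section = line:sub(2, -2)
    else
      local hex = line:gsub(":", ""):lower()
      if not hex:match("^%x+$") then
        stdnse.print_debug(1, "%s: malformed line in %s: %q", SCRIPT_NAME, path, line)
      elseif not section then
        ignored = ignored + 1
      else
        db[hex] = section
      end
    end
  end
  f:close()
  if ignored > 0 then
    stdnse.print_debug(1, "%s: ignored %d fingerprint(s) before the first [section] in %s",
      SCRIPT_NAME, ignored, path)
  end
  return db
end

-- Re-insert the colons only for display; the file itself stores bare hex.
local function colonize(hex)
  return (hex:upper():gsub("%x%x", "%0:"):sub(1, -2))
end

portrule = shortport.ssl

action = function(host, port)
  local path = nmap.fetchfile("nselib/data/known-keys.db")  -- hypothetical file
  if not path then
    stdnse.print_debug(1, "%s: data file not found", SCRIPT_NAME)
    return nil
  end
  local db, err = load_db(path)
  if not db then
    stdnse.print_debug(1, "%s: %s", SCRIPT_NAME, err)
    return nil
  end
  local status, cert = sslcert.getCertificate(host, port)
  if not status then return nil end
  -- stdnse.tohex() yields lowercase hex, matching the keys stored in db.
  local hex = stdnse.tohex(cert:digest("sha1"))
  local source = db[hex]
  if source then
    return string.format("Found in %s (certificate hash: %s)", source, colonize(hex))
  end
  return nil
end
```

The early top-level return is what makes the skip silent: the chunk ends before the real portrule and action are assigned, so the placeholder rule that always returns false is what NSE sees, and the only trace is the -d3 debug line. Storing the digest keys in one canonical form (bare, lowercase hex) and adding the colons back at output time keeps the data file compact while leaving the displayed hash identical to what the ssl-known-key output in message 3 shows.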
Current thread:
- Re: nmap-dev Digest, Vol 72, Issue 54 Kamal Banga (Mar 23)
- Re: multi-threaded Nmap David Fifield (Mar 23)
- Re: multi-threaded Nmap Jacky Jack (Mar 23)
- Re: nmap-dev Digest, Vol 72, Issue 54 Toni Ruottu (Mar 23)
- Re: multi-threaded Nmap David Fifield (Mar 23)