Nmap Development mailing list archives
Re: NSEC Enumeration script
From: John Bond <john.r.bond () gmail com>
Date: Mon, 16 May 2011 23:12:47 +0200
On 19 April 2011 10:02, John Bond <john.r.bond () gmail com> wrote:
On 19 April 2011 01:17, David Fifield <david () bamsoftware com> wrote:
Thanks, John, I put these changes in a local branch. Remind me, do you have a working NSEC3 enumeration script, or are you still working on it?
Not really, I have a proof of concept script which is slow, buggy and keeps changing. I am not sure of the best way to do this yet. I'll have another look at it tonight.
Ok, I finally got round to looking at this again and, like I said, I have tried various different methods, and the more I think about this the more I think nmap is not the correct tool for this. As far as I can tell you would need to run this forever and then quit when you think you have got enough records or you continue to get repeat entries. As far as I can tell the nsec3walker works this way.
On 5 April 2011 01:47, David Fifield <david () bamsoftware com> wrote:
You don't run forever--run until every hash value is accounted for. Guess a name, and suppose that an NSEC3 comes back with values 246e6bbc and 27fb6080.
Unfortunately this is not how it happens; it's not like NSEC, which says there is nothing between a and b. All it says is the next hash is b.
Now you know that 246e6bbc and 27fb6080 exist, and nothing between them does.
Again this is not the case; even if the above was true, all you would know is nothing exists between A and B where hash(A)==246e6bbc and hash(B)==27fb6080.
The best thing I can think of is using something like the following
    subdomain = base32.enc(openssl.rand_bytes(20),true)  -- this is old code and I think we could probably get away with a random 5-10 char string
to generate the next guess and then try and have a bit of fuzzy logic to work out a logical time to give up.
If I'm missing something obvious here then I would welcome comments or recommendations. I would also welcome some discussion on if people think this type of script does sit well with nmap and, if so, what type of configuration would you want to pass to have the script stop, e.g. after x amount of hashes have been enumerated, after x amount of duplicates have been received, after x amount of time has passed, something else.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
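Added example (not part of the original message and not code from any Nmap script): a Python simulation of the stop condition debated in this thread, using the RFC 5155 hash against a constructed in-memory zone with no network access. `ToyZone`, `collect` and the `guessN.example` names are assumptions made for illustration; it shows that the collected (owner hash, next hash) pairs form a ring, so completeness can be checked rather than estimated.

```python
import bisect
import hashlib

def nsec3_hash(name, salt, iterations):
    """RFC 5155 hash: iterated SHA-1 over the wire-format owner name."""
    labels = name.lower().rstrip(".").encode().split(b".")
    wire = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return digest

class ToyZone:
    """Constructed in-memory stand-in for a signed zone (no network)."""
    def __init__(self, names, salt, iterations):
        self.salt, self.iterations = salt, iterations
        self.chain = sorted(nsec3_hash(n, salt, iterations) for n in names)

    def denial(self, qname):
        """(owner hash, next hash) of the NSEC3 covering a nonexistent name."""
        h = nsec3_hash(qname, self.salt, self.iterations)
        i = bisect.bisect_right(self.chain, h) - 1  # -1 = wrap-around record
        return self.chain[i], self.chain[(i + 1) % len(self.chain)]

def covered(links, h):
    """True if h lies inside an interval already collected."""
    return any(o < h < n or (o >= n and (h > o or h < n))
               for o, n in links.items())

def chain_complete(links):
    """Closed ring: len(links) next-pointer hops lead back to the start."""
    h = start = next(iter(links), None)
    for _ in range(len(links)):
        h = links.get(h)  # becomes None once a hop leaves the collected set
    return h is not None and h == start

def collect(zone, max_guesses=100000):
    links = {}
    for i in range(max_guesses):
        guess = "guess%d.example" % i  # constructed, nonexistent names
        if covered(links, nsec3_hash(guess, zone.salt, zone.iterations)):
            continue  # this denial is already known
        links.update([zone.denial(guess)])  # one lookup, one new link
        if chain_complete(links):
            break
    return links

ZONE = ToyZone(["example", "www.example", "mail.example", "ns1.example",
                "ns2.example", "vpn.example"], bytes.fromhex("aabbccdd"), 12)
```

`len(collect(ZONE))` equals the number of names in the constructed zone, because every guess whose hash is not yet covered yields exactly one new link.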