Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: address-info.nse

From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sat, 9 Jul 2011 10:53:06 +0300
I like the script idea. IPv4 addresses have information encoded in
them as well. Atleast there are different address ranges for loopback,
LAN, WAN, documentation etc.

Typically we prefix names of scripts that operate by ip address with
"ip-". I would also like to call this something other than info just
because an info script would typically talk to the host to figure out
details. Maybe we could name this script simply ip-address.nse.

On Sat, Jul 9, 2011 at 7:49 AM, David Fifield <david () bamsoftware com> wrote:

Because IPv6 addresses are so big, they often encode information such as
an IPv4 address. The attached script extracts embedded data from
addresses. It does all its computation locally.

I have implemented five IPv6 formats:
 * IPv4-compatible IPv6 addresses,
 * IPv4-mapped IPv6 addresses,
 * Teredo IPv6 addresses,
 * 6to4 IPv6 addresses, and
 * stateless address autoconfiguration (SLAAC) addresses using EUI-64.
from these we can get various combinations of IPv4 addresses, MAC
addresses, and (in the case of Teredo) a port number. There is a place
for IPv4 addresses too but I haven't thought of any IPv4 address
formats. Some other ideas for IPv6 addresses are at
https://secwiki.org/w/Nmap/Script_Ideas#address-info.

At the end is a sample of the output.

David Fifield

Nmap scan report for ::1.2.3.4
Host script results:
|_address-info: IPv4-compatible; IPv4 address: 1.2.3.4

Nmap scan report for ::ffff:1.2.3.4
Host script results:
|_address-info: IPv4-mapped; IPv4 address: 1.2.3.4

Nmap scan report for 2001:0:506:708:282a:3d75:fefd:fcfb
Host script results:
| address-info: Teredo:
|   Server IPv4 address: 5.6.7.8
|   Client IPv4 address: 1.2.3.4
|_  UDP port: 49802

Nmap scan report for 2002:102:304::1
Host script results:
|_address-info: 6to4: IPv4 address: 1.2.3.4

Nmap scan report for fe80::a8bb:ccff:fedd:eeff
Host script results:
|_address-info: SLAAC IPv6; MAC address: aa:bb:cc:dd:ee:ff

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: