Nmap Development mailing list archives
Re: IPv6 Descovery scripts
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 19 Jun 2015 22:51:45 -0500
John,

Thanks for the initial effort. I have some concerns or questions based on the existing state of these scripts. The primary thing I think they need is good documentation, especially the description. In one case, you haven't changed the description from that of targets-ipv6-wordlist at all. The other two have the same description as each other.

From what I can understand, given an IPv6 network prefix, the scripts generate addresses in the following ways:

* targets-ipv6-dhcp adds certain consecutive address blocks like the first 255 addresses (*::1 to *::ff) and the range *::3e8 to *::7d0, based on default behavior of some DHCP6 servers.
* targets-ipv6-mac brute-forces the last 3 octets of a MAC address given a vendor MAC prefix to generate SLAAC MAC-based addresses.
* targets-ipv6-ports appears to work on the assumption that addresses are assigned according to what service is offered on the host, so that a web server (80 in hex is 0x50) would have an address ending in :50. Addresses are generated based on a list of port numbers.

The other confusion I had when reading these comes in part from the fact that Raúl's original scripts were written to be part of a larger framework that supported his academic work. I removed the interdependencies in order to commit the first scripts, but a lot of the structure is still there, and is not self-documenting for someone without Spanish language skills. You may be better off stripping the script down to essentials before adding your new capability.

Please let me know if my understanding is incorrect.

Dan

On Fri, Jun 19, 2015 at 10:06 AM, john <nmap-dev () johnbond org> wrote:
Hi All,

I have created a few scripts to perform IPv6 discovery based on pfuzz[1]. I know this has been discussed before and I thought someone had created some scripts, so this could be a wasted effort.

To create the script I used targets-ipv6-wordlist[2] as a template. Ideally some of that should be placed into a library instead of having duplicated code. Also there are definitely some efficiency improvements that can be made to the mac script.

The scripts are

* targets-ipv6-dhcp - generate a list of addresses based on common DHCP leases
* targets-ipv6-mac - generate a list of addresses based on common SLAAC leases
* targets-ipv6-ports - generate a list of addresses based on common SLAAC leases

I will try to do the work to tidy these scripts; however, I have talked about scripts similar to this for I think well over a year and I don't get much time to play with nmap these days, so I thought it best I just send them in in case someone else wants to clean them up.

Thanks
John

[1] https://github.com/dragonresearchgroup/pfuzz
[2] http://nmap.org/nsedoc/scripts/targets-ipv6-wordlist.html
[3] https://github.com/b4ldr/nse-scripts/blob/master/targets-ipv6-dhcp.nse
[4] https://github.com/b4ldr/nse-scripts/blob/master/targets-ipv6-mac.nse
[5] https://github.com/b4ldr/nse-scripts/blob/master/targets-ipv6-ports.nse

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
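
An added example, not part of the original messages or of the scripts they discuss: a Python audit that flags addresses in your own inventory whose interface IDs match the three guessable patterns summarized in the reply above. The port list, the label names and the 2001:db8:: sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ranges from the summary above: *::1 to *::ff and *::3e8 to *::7d0.
DHCP_RANGES = [(0x1, 0xFF), (0x3E8, 0x7D0)]
# Assumed port list for illustration; not taken from targets-ipv6-ports.
SERVICE_PORTS = (22, 25, 53, 80, 443)


def interface_id(addr):
    """Low 64 bits of an IPv6 address as an integer."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)


def mac_from_iid(iid):
    """Recover the MAC embedded in a modified EUI-64 interface ID."""
    b = iid.to_bytes(8, "big")
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]  # undo U/L bit flip, drop ff:fe
    return ":".join(f"{x:02x}" for x in mac)


def classify(addr, ports=SERVICE_PORTS):
    """Labels for each guessable pattern the address matches (empty if none)."""
    iid = interface_id(addr)
    labels = []
    if any(lo <= iid <= hi for lo, hi in DHCP_RANGES):
        labels.append("dhcp-range")
    if (iid >> 24) & 0xFFFF == 0xFFFE:  # ff:fe in the middle two bytes
        labels.append("slaac-mac")
    if iid in ports:  # port value as the address tail, e.g. 80 -> ::50
        labels.append("port-hex")
    return labels


def audit(inventory):
    """Map each flagged address to its labels; unflagged addresses are omitted."""
    return {a: labels for a in inventory if (labels := classify(a))}


# Constructed sample inventory in the 2001:db8::/32 documentation prefix.
INVENTORY = [
    "2001:db8:0:1::50",                  # low value that is also port 80
    "2001:db8:0:1::1bb",                 # port 443 written as its hex value
    "2001:db8:0:1::3e9",                 # inside the second DHCP block
    "2001:db8:0:1:211:22ff:fe33:4455",   # MAC-derived SLAAC address
    "2001:db8:0:1:8d3f:1c2a:77e0:b9c4",  # randomized interface ID
]

if __name__ == "__main__":
    for addr, labels in audit(INVENTORY).items():
        print(addr, labels)
```

Addresses that come back flagged are candidates for randomized interface IDs or sparser DHCPv6 pools; a MAC-derived match also exposes the vendor prefix through `mac_from_iid`.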