Nmap Development mailing list archives

Re: IPv6 Discovery scripts


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 19 Jun 2015 22:51:45 -0500

John,

Thanks for the initial effort. I have some concerns or questions based on
the existing state of these scripts. The primary thing I think they need is
good documentation, especially the description. In one case, you haven't
changed the description from that of targets-ipv6-wordlist at all. The
other two have the same description as each other.

From what I can understand, given an IPv6 network prefix, the scripts
generate addresses in the following ways:

* targets-ipv6-dhcp adds certain consecutive address blocks like the first
255 addresses (*::1 to *::ff) and the range *::3e8 to *::7d0, based on
default behavior of some DHCP6 servers.
* targets-ipv6-mac brute-forces the last 3 octets of a MAC address given a
vendor MAC prefix to generate SLAAC MAC-based addresses.
* targets-ipv6-ports appears to work on the assumption that addresses are
assigned according to what service is offered on the host, so that a web
server (80 in hex is 0x50) would have an address ending in :50. Addresses
are generated based on a list of port numbers.

The other confusion I had when reading these comes in part from the fact
that Raúl's original scripts were written to be part of a larger framework
that supported his academic work. I removed the interdependencies in order
to commit the first scripts, but a lot of the structure is still there, and
is not self-documenting for someone without Spanish language skills. You
may be better off stripping the script down to essentials before adding
your new capability.

Please let me know if my understanding is incorrect.

Dan

On Fri, Jun 19, 2015 at 10:06 AM, john <nmap-dev () johnbond org> wrote:

Hi All,

I have created a few scripts to perform IPv6 discovery based on pfuzz[1].
I know this has been discussed before and I thought someone had created
some scripts so this could be a wasted effort.  To create the script I
used targets-ipv6-wordlist[2] as a template.  Ideally some of that
should be placed into a library instead of having duplicated code.  Also
there are definitely some efficiency improvements that can be made to the
mac script.  The scripts are

  * targets-ipv6-dhcp - generate a list of addresses based on common DHCP
leases
  * targets-ipv6-mac - generate a list of addresses based on common SLAAC
leases
  * targets-ipv6-ports - generate a list of addresses based on common
SLAAC leases

I will try to do the work to tidy these scripts; however, I have talked
about scripts similar to this for, I think, well over a year and I don't get
much time to play with nmap these days, so I thought it best I just send
them in in case someone else wants to clean them up.

Thanks John

[1]https://github.com/dragonresearchgroup/pfuzz
[2]http://nmap.org/nsedoc/scripts/targets-ipv6-wordlist.html
[3]https://github.com/b4ldr/nse-scripts/blob/master/targets-ipv6-dhcp.nse
[4]https://github.com/b4ldr/nse-scripts/blob/master/targets-ipv6-mac.nse
[5]https://github.com/b4ldr/nse-scripts/blob/master/targets-ipv6-ports.nse
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
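
The three address-generation heuristics summarized in the reply above, turned around for an address-plan audit: an added example (not code from the thread or from the scripts it discusses) that flags which addresses in an inventory fall into those predictable patterns. The prefix, inventory and vendor OUI are constructed sample values, and the port rule assumes the reading given in the reply (interface ID equals the port number), not the script source.

```python
import ipaddress

# Interface-ID ranges quoted in the thread for targets-ipv6-dhcp.
DHCP_RANGES = [(0x1, 0xFF), (0x3E8, 0x7D0)]

def interface_id(addr, prefix):
    """Return the low 64 bits of addr, or None if addr is outside prefix."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in ipaddress.IPv6Network(prefix):
        return None
    return int(ip) & 0xFFFFFFFFFFFFFFFF

def eui64_oui(iid):
    """If iid is a modified EUI-64 (ff:fe in the middle), return the vendor
    OUI as 'aa:bb:cc' with the universal/local bit flipped back."""
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    return "%02x:%02x:%02x" % (b[0] ^ 0x02, b[1], b[2])

def classify(addr, prefix, ouis=(), ports=()):
    """List the heuristics from the thread that would reach addr.
    An empty ouis tuple means 'flag any MAC-derived address'."""
    iid = interface_id(addr, prefix)
    if iid is None:
        return ["outside-prefix"]
    hits = []
    if any(lo <= iid <= hi for lo, hi in DHCP_RANGES):
        hits.append("dhcp-range")
    oui = eui64_oui(iid)
    if oui is not None and (not ouis or oui in ouis):
        hits.append("slaac-mac:" + oui)
    if iid in ports:
        hits.append("port:%d" % iid)
    return hits

# Constructed inventory in the documentation prefix 2001:db8::/32.
PREFIX = "2001:db8:0:1::/64"
INVENTORY = [
    "2001:db8:0:1::50",                  # low range, also port 80 (0x50)
    "2001:db8:0:1::3e9",                 # second DHCP block
    "2001:db8:0:1:21a:2bff:fe3c:4d5e",   # from sample MAC 00:1a:2b:3c:4d:5e
    "2001:db8:0:1:8d3f:1c07:a4e2:91b6",  # randomized interface ID
]

def audit(ports=(22, 80, 443)):
    return {a: classify(a, PREFIX, ports=ports) for a in INVENTORY}

if __name__ == "__main__":
    for addr, hits in audit().items():
        print(addr, hits or ["not predictable by these heuristics"])
```
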
