Nmap Development mailing list archives

Re: How is whois.nse coming along?

From: jah <jah () zadkiel plus com>
Date: Mon, 30 Jun 2008 02:49:03 +0100

On 29/06/2008 04:33, Fyodor wrote:

Hi Jah.  How is whois.nse coming along?  This script was actually the
prime motivator for the NSE mutex system:

http://nmap.org/book/nse-api.html#nse-mutex

Have you had a chance to try updating whois.nse to use mutex so that
it solves the query concurrency problem and we can add it to
nmap/scripts ?  Maybe it could do something like:

1) Check the registry to see if whois information is already available
   for a netblock containing the target IP.  If so, either print that,
   or print a pointer to the IP which was used initially to look up
   the data.  e.g. "Same as ww.x.yyy.z".  If the data can be expressed
   in a few lines, it might be best to just repeat it.  If it takes 10
   lines, we should probably just use the pointer.  If the data isn't
   available, continue.

2) Try to lock a whois.nse-specific mutex.

3) Once you have the mutex locked, you probably need to repeat check
   #1, as the data might have been added while you were waiting on the
   mutex.  If not, continue.

4) Do the whois query, add the information to the registry for the
   given netblock.

5) Unlock the mutex.  Return the data.

The process could possibly be optimized a bit.  This is just an
off-the-cuff proposal.  And you may end up that 64.5.5.10 runs before
64.5.5.9, so .9 ends up with a forward pointer to the .10 results.  I
think that is fine.

I have a working script that requires some more testing due to the
changes made in order to utilise mutex - I've really not had a lot of
time for this lately (or anything else interesting), but it is at the
top of my nmap list of things to do.

The script now uses a locally cached copy of IANA's IPv4 Global Unicast
Address Assignments [1] to determine which service to query by matching
the target against the assignment prefix ( nnn/8 ). The file is
currently being stored alongside nmap-services et al. since the script
uses nmap.fetchfile() to get a directory path.  I wonder if anyone has
any opinions on whether this is a good or bad place to store it - it's
certainly the most convenient and should be satisfactory across all
platforms, but if Kris introduces a data directory for nselib data files
[2], maybe it could go there.

The script utilises a mutex for each whois service defined which allows
both queuing for a given service and concurrent queries at different
services.  This, in addition to the cached assignments data, means that
the number of queries is reduced and that the script finishes as quickly
as is possible.

During testing using Patrick's branch of svn, I found that threads were
no longer starting (or rather, resuming) in the target order defined on
the commandline and so, when scanning a range of targets from a given
assignment, the whois queries were being made for a target that wasn't
necessarily the first one in the range.  This made the presentation of
pointers to the host script result a bit ugly:

    Interesting ports on 116.128.0.1:
    Host script results:
    |_ WHOIS: see the result for 116.128.0.3

    Interesting ports on 116.128.0.2:
    Host script results:
    |_ WHOIS: see the result for 116.128.0.3

    Interesting ports on 116.128.0.3:
    Host script results:
    |  WHOIS: Record found at whois.apnic.net
    |  inetnum: 116.128.0.0 - 116.191.255.255
    |  netname: NGTC
    |  descr: New Guoxin Telecom Corporation
    |_ country: CN

    Interesting ports on 116.128.0.4:
    Host script results:
    |_ WHOIS: see the result for 116.128.0.3

    Interesting ports on 116.128.0.5:
    Host script results:
    |_ WHOIS: see the result for 116.128.0.3

which is more of a pain the more targets scanned.  Since this is really
only an issue of presentation, it was fairly trivial to alter the
procedure for caching results and subsequently checking the cache to
ensure that the first target in range always returns the host script
result.  Strangely enough, since the merge of Patrick's branch, threads
seem to be resuming in order again, so we're now doubly assured of a
nice ordered result!

I'll get the bulk of the testing done and post the script for people to
play with and then I can do any code tidying (I'm sure I can make some
parts a bit more terse) and nsedoc in slowtime.  It'd be good to get the
testing done in time for the next release, but that could be pushing it
given that Nmap 4.69 is probably only days away :)

Regards,

jah


[1] - http://www.iana.org/assignments/ipv4-address-space
[2] - http://seclists.org/nmap-dev/2008/q2/0740.html


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

autonomous system numbers NSE script Michael Pattrick (Jun 17)
- Re: autonomous system numbers NSE script Kris Katterjohn (Jun 17)
- Re: autonomous system numbers NSE script jah (Jun 18)
  - Re: autonomous system numbers NSE script Fyodor (Jun 28)
    - Re: How is whois.nse coming along? jah (Jun 29)
    - Re: How is whois.nse coming along? Kris Katterjohn (Jun 29)
    - Re: How is whois.nse coming along? jah (Jun 29)
    - Re: How is whois.nse coming along? Patrick Donnelly (Jun 29)
- Re: autonomous system numbers NSE script Fyodor (Jun 28)