Nmap Development mailing list archives
Thoughts on script documentation
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 17 Nov 2010 22:42:47 -0600
Hi, list,

This forwarded conversation got me thinking: should there be a "minimum version" for scripts? To sum up, the wdb-version script I wrote requires a line in nmap-rpc, which is not documented anywhere, but that was added in the same revision as the script itself. Other scripts rely on features or configs that are not present before a certain revision. Should this be documented for those who download the script from the NSE doc site?

Dan

---------- Forwarded message ----------
From: John Larson <jlarson () qualys com>
Date: Wednesday, November 17, 2010
Subject: Questions about nmap wdb-version script
To: Daniel Miller <bonsaiviking () gmail com>

Hi Daniel,

I got it working finally (see below). Is the fact that the line

wdb 1431655765 # Wind River Debugger (VxWorks)

is required in nmap-rpc for the wdb-version script to work documented anywhere? This key info isn't documented either in the comment section of your script, or on http://nmap.org/nsedoc/scripts/wdb-version.html.

Thanks,
John

-----------------------------------------------------
sudo nmap -sU -p 17185 --script wdb-version 10.10.31.45

Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-11-17 12:49 PST
Nmap scan report for 10.10.31.45
Host is up (0.0025s latency).
PORT      STATE SERVICE
17185/udp open  wdb
| wdb-version:
|   VULNERABLE: Wind River Systems VxWorks debug service enabled. See http://www.kb.cert.org/vuls/id/362332
|   Agent version: 2.0
|   VxWorks version: 5.4
|   Board Support Package: i-2-eye DVC1000 - ARM9TDMI
|_  Boot line: |wingnut:KauriCore

Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds

-----Original Message-----
From: Daniel Miller [mailto:bonsaiviking () gmail com]
Sent: Wednesday, November 17, 2010 11:12 AM
To: John Larson
Subject: Re: Questions about nmap wdb-version script

John,

It will work with the latest subversion build, see http://nmap.org/book/install.html#inst-svn

The latest development release, 5.35DC1, still does not have the updated nmap-rpc file. The script should still work, though, if you edit your nmap-rpc file to contain the line I mentioned, or download the latest one directly from http://nmap.org/svn/nmap-rpc

Dan

On 11/17/2010 11:26 AM, John Larson wrote:
Daniel,

If I interpret your message correctly, things should work OK with a normal install of the latest version of nmap? If so, I will just download a new version and try again.

Seems like there might be a bug in the script since this was a silent failure. It would have been very helpful to me if the script could have raised an error message rather than silently failing to work.

Thanks,
John

On Wed, Nov 17, 2010 at 7:56 AM, Daniel Miller <bonsaiviking () gmail com> wrote:

John,

The problem is that the script requires an entry in the nmap-rpc file, like so:

wdb 1431655765 # Wind River Debugger (VxWorks)

This change is included in the svn revision that added the script itself. Since you are running 5.21, without this line, the script does not run, so the packets you are seeing are just nmap's null probes to determine if the port is open or not.

Another note: since some devices do not respond to pings, even Nmap's default "ping" sequence, I use the -Pn (skip host discovery) flag when scanning for a single port, since if the host won't respond to that port, I don't care if it is up or not. This can actually slow down a UDP scan, since no reply is interpreted as open, but for this particular script, it only adds one additional UDP packet and timeout.

Dan

On 11/16/2010 08:54 PM, John Larson wrote:

Daniel,

Below is all the data for the Metasploit and nmap runs (incl. actual wdb-version script being run) with Wireshark data captures attached.

Metasploit command output

msf auxiliary(wdbrpc_bootline) > use auxiliary/scanner/vxworks/wdbrpc_version
msf auxiliary(wdbrpc_version) > set RHOSTS 10.10.31.45/32
RHOSTS => 10.10.31.45/32
msf auxiliary(wdbrpc_version) > set RHOST 10.10.31.45
RHOST => 10.10.31.45
msf auxiliary(wdbrpc_version) > run
[*] 10.10.31.45: 5.4 i-2-eye DVC1000 - ARM9TDMI wingnut:KauriCore
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(wdbrpc_version) >

nmap command output

sudo nmap -sU -p 17185 --script-trace --script wdb-version 10.10.31.45

Starting Nmap 5.21 ( http://nmap.org ) at 2010-11-16 18:40 PST
NSOCK (0.3310s) nsock_loop() started (timeout=50ms). 0 events pending
NSE: Script Scanning completed.
Nmap scan report for 10.10.31.45
Host is up (0.0023s latency).
PORT      STATE         SERVICE
17185/udp open|filtered wdbrpc

Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
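The thread's practical problem is that a script silently did nothing because its data-file dependency (the `wdb 1431655765` line in nmap-rpc) was missing from the installed release. The following is an added example, not Nmap code and not the wdb-version script: it parses the nmap-rpc format (one `name number` entry per line, with optional aliases or a `#` comment after the number) and reports a missing or mismatched entry loudly before a scan is trusted. The two file contents and the `REQUIRED_ENTRIES` table are constructed for the example; the `/usr/share/nmap/nmap-rpc` path in the usage comment is an assumption about where the file lives.

```python
"""Check an nmap-rpc data file for the RPC program entries a script depends on.

Added example for this thread (not Nmap's own code). The sample file
contents below are constructed; one mirrors an nmap-rpc that predates the
wdb entry, the other contains the line the thread says wdb-version needs.
"""
import re
from typing import Dict, List

# Constructed sample: an nmap-rpc without the wdb entry (the 5.21 / 5.35DC1
# situation described in the thread).
NMAP_RPC_OLD = """\
# Constructed sample of an nmap-rpc data file
# name       number   # comment
portmapper   100000   # rpcbind portmap sunrpc rpcbind
rstatd       100001   rstat rup perfmeter rstat_svc
nfs          100003   # nfsprog
mountd       100005   # mount showmount
"""

# Constructed sample: the same file plus the line from the thread.
# 1431655765 is 0x55555555.
NMAP_RPC_NEW = NMAP_RPC_OLD + "wdb 1431655765 # Wind River Debugger (VxWorks)\n"

# Hypothetical table for the example: entries each script depends on.
REQUIRED_ENTRIES = {
    "wdb-version": {"wdb": 1431655765},
}

# name, whitespace, decimal program number; anything after the number
# (aliases or a '#' comment) is ignored.
_ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+(?P<number>\d+)(?:\s+.*)?$")


def parse_nmap_rpc(text: str) -> Dict[str, int]:
    """Return {program_name: program_number} from nmap-rpc file contents.

    Blank lines and comment-only lines are skipped; lines that do not fit
    the 'name number' shape are ignored rather than treated as entries.
    """
    programs: Dict[str, int] = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = _ENTRY_RE.match(stripped)
        if m:
            programs[m.group("name")] = int(m.group("number"))
    return programs


def missing_entries(programs: Dict[str, int], script: str) -> List[str]:
    """Describe every problem that would stop `script` from finding its RPC program.

    A missing name and a name mapped to the wrong number are both reported,
    since either one means the script's lookup in nmap-rpc cannot succeed.
    """
    problems: List[str] = []
    for name, number in REQUIRED_ENTRIES.get(script, {}).items():
        found = programs.get(name)
        if found is None:
            problems.append(f"{script}: nmap-rpc has no entry for '{name}' "
                            f"(expected: {name} {number})")
        elif found != number:
            problems.append(f"{script}: nmap-rpc maps '{name}' to {found}, "
                            f"expected {number}")
    return problems


def check_file(text: str, script: str) -> bool:
    """Print a clear diagnostic and return False when the data file is too old."""
    problems = missing_entries(parse_nmap_rpc(text), script)
    for problem in problems:
        print("ERROR:", problem)
    return not problems


if __name__ == "__main__":
    # Against a real install you would read the file instead (path assumed):
    #   text = open("/usr/share/nmap/nmap-rpc").read()
    check_file(NMAP_RPC_OLD, "wdb-version")   # reports the missing wdb entry
    check_file(NMAP_RPC_NEW, "wdb-version")   # no output: entry present
```

Run before a scan whose result you intend to act on: a `False` here means an "open|filtered, no script output" result says nothing about the target, only about the data file, which is exactly the distinction the thread's silent failure hid.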
Current thread:
- Thoughts on script documentation Daniel Miller (Nov 17)
- Re: Thoughts on script documentation Ron (Nov 18)
- Re: Thoughts on script documentation Rob Nicholls (Nov 18)
- Re: Thoughts on script documentation Fyodor (Nov 19)
- Re: Thoughts on script documentation Rob Nicholls (Nov 19)
- Re: Thoughts on script documentation Fyodor (Nov 19)
- RE: Thoughts on script documentation Rob Nicholls (Nov 20)
- Re: Thoughts on script documentation 'Fyodor' (Nov 20)
- Re: Thoughts on script documentation Rob Nicholls (Nov 18)
- Re: Thoughts on script documentation Ron (Nov 18)
- Re: Thoughts on script documentation Martin Holst Swende (Dec 10)