Nmap Development mailing list archives
Re: [NSE] iSCSI library and scripts
From: Matt Selsky <selsky () columbia edu>
Date: Sun, 5 Dec 2010 17:17:58 -0500
On Dec 4, 2010, at 1:55 PM, Patrik Karlsson wrote:

> On 23 nov 2010, at 14.24, Matt Selsky wrote:
>
>> On Thu, 18 Nov 2010, Patrik Karlsson wrote:
>>
>>> Hi,
>>>
>>> I'm attaching some of my recent work where I've attempted to implement the iSCSI protocol in Nmap.
>>> There are two scripts, a library and a probe with matching match lines to detect the iSCSI target.
>>> The iscsi-info script attempts to list all available iSCSI targets and whether they're protected by authentication or not.
>>> The iscsi-brute script attempts to brute force CHAP authentication against a given iSCSI target.
>>>
>>> Feedback, comments and test results are most welcome. I've done all testing against OpenFiler myself.
>>>
>>> //Patrik
>>
>> Testing against IBM XIV's iSCSI implementation. I scanned all 6 iSCSI interfaces:
>>
>> $ ./nmap --datadir=. --script=iscsi-info -sV -p 3260 10.192.11.244 10.192.11.245 10.192.11.246 10.192.11.247 10.192.11.248 10.192.11.249
>>
>> Starting Nmap 5.36TEST2 ( http://nmap.org ) at 2010-11-23 08:12 EST
>> Nmap scan report for xiv523-m7p1 (10.192.11.244)
>> Host is up (0.00021s latency).
>> PORT STATE SERVICE VERSION
>> 3260/tcp open iscsi?
>> | iscsi-info:
>> | iqn.2005-10.com.xivstorage:002523
>> |_ Target address: 10.192.11.244:3260,1
>>
>> Nmap scan report for xiv523-m7p2 (10.192.11.245)
>> Host is up (0.00022s latency).
>> PORT STATE SERVICE VERSION
>> 3260/tcp open iscsi?
>> | iscsi-info:
>> | iqn.2005-10.com.xivstorage:002523
>> |_ Target address: 10.192.11.244:3260,1
>>
>> Nmap scan report for xiv523-m8p1 (10.192.11.246)
>> Host is up (0.00027s latency).
>> PORT STATE SERVICE VERSION
>> 3260/tcp open iscsi?
>> | iscsi-info:
>> | iqn.2005-10.com.xivstorage:002523
>> |_ Target address: 10.192.11.244:3260,1
>>
>> Nmap scan report for xiv523-m8p2 (10.192.11.247)
>> Host is up (0.00025s latency).
>> PORT STATE SERVICE VERSION
>> 3260/tcp open iscsi?
>> | iscsi-info:
>> | iqn.2005-10.com.xivstorage:002523
>> |_ Target address: 10.192.11.244:3260,1
>>
>> Nmap scan report for xiv523-m9p1 (10.192.11.248)
>> Host is up (0.00023s latency).
>> PORT STATE SERVICE VERSION
>> 3260/tcp open iscsi?
>> | iscsi-info:
>> | iqn.2005-10.com.xivstorage:002523
>> |_ Target address: 10.192.11.244:3260,1
>>
>> Nmap scan report for xiv523-m9p2 (10.192.11.249)
>> Host is up (0.00022s latency).
>> PORT STATE SERVICE VERSION
>> 3260/tcp open iscsi?
>> | iscsi-info:
>> | iqn.2005-10.com.xivstorage:002523
>> |_ Target address: 10.192.11.244:3260,1
>>
>> Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
>> Nmap done: 6 IP addresses (6 hosts up) scanned in 83.69 seconds
>>
>> iscsiadm shows different target addresses:
>>
>> # /sbin/iscsiadm -m node
>> 10.192.11.249:3260,5 iqn.2005-10.com.xivstorage:002523
>> 10.192.11.244:3260,1 iqn.2005-10.com.xivstorage:002523
>> 10.192.11.247:3260,4 iqn.2005-10.com.xivstorage:002523
>> 10.192.11.245:3260,6 iqn.2005-10.com.xivstorage:002523
>> 10.192.11.248:3260,3 iqn.2005-10.com.xivstorage:002523
>> 10.192.11.246:3260,2 iqn.2005-10.com.xivstorage:002523
>>
>> The number after the comma changes in the iscsiadm output, but not the iscsi-info output.
>>
>> Let me know if you need debug output.
>>
>> Cheers,
>> -- Matt
>
> This took a little longer than I expected, but I've been busy with other stuff.
> I have looked at the pcap you sent off-list and made quite a few changes to both the script and library.
> It should now work properly and return the results you're expecting. Could you try it again?
> I'm attaching the new files.

Here's the new output:

$ ./nmap --datadir=. --script=iscsi-info -sV -p 3260 10.192.11.244 10.192.11.245 10.192.11.246 10.192.11.247 10.192.11.248 10.192.11.249

Starting Nmap 5.36TEST2 ( http://nmap.org ) at 2010-12-05 16:56 EST
Nmap scan report for xiv523-m7p1 (10.192.11.244)
Host is up (0.00023s latency).
PORT STATE SERVICE VERSION
3260/tcp open iscsi?
| iscsi-info:
| Target: iqn.2005-10.com.xivstorage:002523
| Address: 10.192.11.244:3260,1
| Address: 10.192.11.246:3260,2
| Address: 10.192.11.248:3260,3
| Address: 10.192.11.247:3260,4
| Address: 10.192.11.249:3260,5
| Address: 10.192.11.245:3260,6
|_ Authentication: Failed to logout

Nmap scan report for xiv523-m7p2 (10.192.11.245)
Host is up (0.00023s latency).
PORT STATE SERVICE VERSION
3260/tcp open iscsi?
| iscsi-info:
| Target: iqn.2005-10.com.xivstorage:002523
| Address: 10.192.11.244:3260,1
| Address: 10.192.11.246:3260,2
| Address: 10.192.11.248:3260,3
| Address: 10.192.11.247:3260,4
| Address: 10.192.11.249:3260,5
| Address: 10.192.11.245:3260,6
|_ Authentication: Failed to logout

Nmap scan report for xiv523-m8p1 (10.192.11.246)
Host is up (0.00028s latency).
PORT STATE SERVICE VERSION
3260/tcp open iscsi?
| iscsi-info:
| Target: iqn.2005-10.com.xivstorage:002523
| Address: 10.192.11.244:3260,1
| Address: 10.192.11.246:3260,2
| Address: 10.192.11.248:3260,3
| Address: 10.192.11.247:3260,4
| Address: 10.192.11.249:3260,5
| Address: 10.192.11.245:3260,6
|_ Authentication: Failed to logout

Nmap scan report for xiv523-m8p2 (10.192.11.247)
Host is up (0.00025s latency).
PORT STATE SERVICE VERSION
3260/tcp open iscsi?
| iscsi-info:
| Target: iqn.2005-10.com.xivstorage:002523
| Address: 10.192.11.244:3260,1
| Address: 10.192.11.246:3260,2
| Address: 10.192.11.248:3260,3
| Address: 10.192.11.247:3260,4
| Address: 10.192.11.249:3260,5
| Address: 10.192.11.245:3260,6
|_ Authentication: Failed to logout

Nmap scan report for xiv523-m9p1 (10.192.11.248)
Host is up (0.00024s latency).
PORT STATE SERVICE VERSION
3260/tcp open iscsi?
| iscsi-info:
| Target: iqn.2005-10.com.xivstorage:002523
| Address: 10.192.11.244:3260,1
| Address: 10.192.11.246:3260,2
| Address: 10.192.11.248:3260,3
| Address: 10.192.11.247:3260,4
| Address: 10.192.11.249:3260,5
| Address: 10.192.11.245:3260,6
|_ Authentication: Failed to logout

Nmap scan report for xiv523-m9p2 (10.192.11.249)
Host is up (0.00025s latency).
PORT STATE SERVICE VERSION
3260/tcp open iscsi?
| iscsi-info:
| Target: iqn.2005-10.com.xivstorage:002523
| Address: 10.192.11.244:3260,1
| Address: 10.192.11.246:3260,2
| Address: 10.192.11.248:3260,3
| Address: 10.192.11.247:3260,4
| Address: 10.192.11.249:3260,5
| Address: 10.192.11.245:3260,6
|_ Authentication: Failed to logout

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 6 IP addresses (6 hosts up) scanned in 83.74 seconds

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
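
The comparison made by hand in this thread (iscsi-info results checked against `iscsiadm -m node`) can be automated. The following is an added example, not part of the original message or of the Nmap scripts; the function names are hypothetical, and it assumes the "Target:" / "Address:" layout shown in the Dec 5 output.

```python
import re
# Added example; sample text is copied from the output quoted in this thread.
NMAP_OUT = """\
| iscsi-info:
| Target: iqn.2005-10.com.xivstorage:002523
| Address: 10.192.11.244:3260,1
| Address: 10.192.11.246:3260,2
| Address: 10.192.11.248:3260,3
| Address: 10.192.11.247:3260,4
| Address: 10.192.11.249:3260,5
| Address: 10.192.11.245:3260,6
|_ Authentication: Failed to logout
"""
ISCSIADM_OUT = """\
10.192.11.249:3260,5 iqn.2005-10.com.xivstorage:002523
10.192.11.244:3260,1 iqn.2005-10.com.xivstorage:002523
10.192.11.247:3260,4 iqn.2005-10.com.xivstorage:002523
10.192.11.245:3260,6 iqn.2005-10.com.xivstorage:002523
10.192.11.248:3260,3 iqn.2005-10.com.xivstorage:002523
10.192.11.246:3260,2 iqn.2005-10.com.xivstorage:002523
"""
PORTAL = r"(\S+):(\d+),(\d+)"  # address:port,number-after-the-comma

def parse_iscsi_info(text):
    """Return {target: {(addr, port, tag)}} from iscsi-info script output."""
    targets, current = {}, None
    for key, value in re.findall(r"^\|_? *(Target|Address): *(\S+)", text, re.M):
        if key == "Target":
            current = targets.setdefault(value, set())
        elif current is not None and (m := re.fullmatch(PORTAL, value)):
            current.add((m[1], int(m[2]), int(m[3])))
    return targets

def parse_iscsiadm(text):
    """Return the same structure from `iscsiadm -m node` output."""
    targets = {}
    for line in text.splitlines():
        if m := re.fullmatch(PORTAL + r"\s+(\S+)", line.strip()):
            targets.setdefault(m[4], set()).add((m[1], int(m[2]), int(m[3])))
    return targets

def diff_portals(scan, reference):
    """Return {target: (missing_from_scan, extra_in_scan)} where the two differ."""
    out = {}
    for iqn in scan.keys() | reference.keys():
        s, r = scan.get(iqn, set()), reference.get(iqn, set())
        if s != r:
            out[iqn] = (sorted(r - s), sorted(s - r))
    return out
```

An empty result from diff_portals means the scan and the initiator's node records list the same portals for every target.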