Nmap Development mailing list archives
Several SNMP script additions
From: Brendan Byrd <sineswiper () gmail com>
Date: Sun, 18 Dec 2011 10:29:17 -0500
Got a bunch of library and script changes. Here's the list of changes:

1. New snmp-routing script: Searches each SNMP active host for new targets via the routing tables. The idea is that you can point to a single target and branch out to the entire network. (Some caveats below.)
2. New snmp-system script. This should be a replacement for snmp-sysdescr. It gives out a bit more information, and acts as a version script to identify hostnames, OS type, etc. Functions to look through the sysDescr string should turn into a larger project, as this is a very valuable set of data for version/OS detection.
3. Changes to snmp-brute: New "scanalways" option, and some code refinement.
4. Lots of new functions to ipOps to beef up its CIDR range capabilities.
5. A few new functions to target library, including an exclude list to prevent duplicate IPs from being added, even down to the IP level for ranges. (Some caveats below.)
6. Changes to snmp library: Some code refinement, SNMPv2/3 additions, support for partial table pulls, etc. A getBulkRequest function is included, but needs some debugging, as it doesn't currently return anything. (It must be something simple that I'm missing, but I can't quite figure it out.)

Caveats and discussion points:

1. Everything is in Lua. The target and ipOps libraries should probably be converted to pure C code, for speed and accessibility to internal data.
2. Target library doesn't have access to NMap's main target and exclude lists, so the new "dupe list" is outside of the existing lists. This means that a new target could still dupe one of the command-specified targets, but it won't dupe after that. This also means that adding a target to the exclude list isn't going to remove future targets that were already added previously. Fixing point #1 would solve all of this.
3. The snmp-routing script is rather slow, depending on the device. Various routing protocols will send their entire internal routing table to every other device, so you may end up with the same copy on many different devices, thus all of that table ripping takes a while. The new target library fixes the dupes, but it can't remove interface addresses to keep the same device from getting queried over and over again.
4. The snmp-brute script needs some better logic to deal with certain machines. One popular device we deal with will put a temporary (maybe 2-3 minute) block on IPs that are constantly banging it with different community strings at the same time, or if you're trying to query several tables all at once. Getting the right community string with these devices seems to be impossible with snmp-brute. Doing parallel hosts is fine, but parallel community hits is just going to cause trouble.
5. There is no interface within Lua to put in os.* data. SNMP can already tell you the uptime, but there's no way to communicate that to NMap because of the lack of an interface.

--
Brendan Byrd/SineSwiper <SineSwiper () GMail com>
Attachment:
scripts.zip
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
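Added illustration (not part of the original message or the attached scripts): a range-level "dupe list" of the kind described in change 5 and caveat 2, where a route learned from a second device only contributes the address space not already queued. It is written in Python rather than the scripts' Lua; the `DupeList` class, its methods, and the route entries are hypothetical and constructed for this example, and IPv4 only is assumed.

```python
import ipaddress


class DupeList:
    """Remembers address space already queued as targets (IPv4 only)."""

    def __init__(self, seed=()):
        # Caveat 2 in the message: the list only knows what it is told.
        # Seeding it with the command-line targets closes that gap.
        nets = [ipaddress.ip_network(c, strict=False) for c in seed]
        self._seen = list(ipaddress.collapse_addresses(nets))

    def add(self, cidr):
        """Return the sub-ranges of `cidr` not queued before, and record them."""
        pending = [ipaddress.ip_network(cidr, strict=False)]
        for seen in self._seen:
            remaining = []
            for net in pending:
                if not net.overlaps(seen):
                    remaining.append(net)        # disjoint: keep whole range
                elif net.subnet_of(seen):
                    continue                     # fully covered: drop it
                else:
                    # CIDR blocks that overlap are nested, so `seen` lies
                    # inside `net`; keep only the uncovered pieces.
                    remaining.extend(net.address_exclude(seen))
            pending = remaining
        fresh = list(ipaddress.collapse_addresses(pending))
        self._seen = list(ipaddress.collapse_addresses(self._seen + fresh))
        return fresh


def demo():
    """Constructed routing tables from two devices that share routes."""
    device_a = ["10.0.0.0/24", "192.168.5.0/24"]
    device_b = ["10.0.0.0/23", "192.168.5.0/24", "10.0.0.17/32"]
    dupes = DupeList()
    queued = []
    for route in device_a + device_b:
        queued.extend(str(n) for n in dupes.add(route))
    return queued


if __name__ == "__main__":
    print(demo())
```

Recording ranges rather than single addresses is what lets the /23 from the second device contribute only its unseen half.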