Nmap Development mailing list archives
Re: [NSE] IKE information extraction
From: Jesper Kückelhahn <dev.kyckel () gmail com>
Date: Tue, 21 May 2013 20:41:46 +0200
Hi Patrik,

I've looked a bit more into this, and using a mutex scheme requires that the two scripts (version detection and information extraction) set the mutex. This would solve the problem of both these scripts trying to bind to UDP 500, but would require other scripts binding to this port to also use this mutex, which could lead to transparency issues.

Would it make more sense to extend the 'bind' method of new_socket to include this functionality, i.e. let 'bind' check if a mutex is set for a given port/protocol, and then wait for it to be released?

- Jesper

On May 21, 2013, at 10:05 AM, Jesper Kückelhahn <dev.kyckel () gmail com> wrote:
> Hi Patrik,
>
> Thanks for the pointer. I'll look into using this for the script.
>
> - Jesper
>
> On Tue, May 21, 2013 at 3:01 AM, Patrik Karlsson <patrik () cqure net> wrote:
>
>> Jesper,
>>
>> I don't think there is a way to tell if the port is in use or not but if you want to avoid that the scripts run at the same time you could use a mutex.
>> There is some more information here: http://nmap.org/book/nse-parallelism.html
>>
>> /Patrik
>>
>> On Mon, May 20, 2013 at 6:38 PM, Jesper Kückelhahn <dev.kyckel () gmail com> wrote:
>>
>>> Hi list,
>>>
>>> I've attached a script for extracting information from an IKE service and a patch for ike.lua.
>>>
>>> The IKE response might contain useful information such as the internal IP address, domain name or username, which the script displays. Also matched vendor IDs are displayed. The ike.lua.patch adds extra functionality to support the extraction (and some minor refactoring).
>>>
>>> Example outputs:
>>>
>>> PORT    STATE SERVICE REASON       VERSION
>>> 500/udp open  isakmp  udp-response SonicWall
>>> | ike-info:
>>> | Information
>>> | ID details
>>> | Type
>>> | ID_USER_FQDN
>>> | Value
>>> | DJ-G005
>>> | Vendor IDs
>>> |_ SonicWall
>>>
>>> PORT    STATE SERVICE REASON
>>> 500/udp open  isakmp  udp-response
>>> | ike-info:
>>> | Information
>>> | ID details
>>> | Type
>>> | ID_IPV4_ADDR
>>> | Value
>>> | 10.0.0.99
>>> | Vendor IDs
>>> | Cisco Unity
>>> | XAUTH
>>> | Dead Peer Detection v1.0
>>> | IKE FRAGMENTATION
>>> | Cisco VPN Concentrator 3000 4.0.7
>>> |_ Cisco VPN Concentrator 3000
>>>
>>> Currently there's a minor bug, as the ike version detection script and ike-info.nse both try to bind to port 500 UDP. Is there a nice way to wait for the port to become available?
>>>
>>> Regards
>>> Jesper Kückelhahn
>>>
>>> _______________________________________________
>>> Sent through the dev mailing list
>>> http://nmap.org/mailman/listinfo/dev
>>> Archived at http://seclists.org/nmap-dev/
>>
>> --
>> Patrik Karlsson
>> http://www.cqure.net
>> http://twitter.com/nevdull77
>> http://www.linkedin.com/in/nevdull77
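The mutex scheme discussed in this thread, sketched as an added example (it is not taken from Jesper's script or the ike.lua patch): a helper that serializes the local UDP 500 bind across script threads using nmap.mutex. The key string "udp-500-local-bind" and the function name exchange_from_port_500 are hypothetical, and the caller is assumed to supply an already built IKE request as payload.

```lua
local nmap = require "nmap"

-- Assumption: every script that binds local UDP 500 agrees on this key.
-- nmap.mutex() returns the same mutex for the same key across all scripts.
local BIND_KEY = "udp-500-local-bind"

-- Hypothetical helper: send `payload` from local port 500 and return the
-- first reply. Returns (true, data) on success or (false, error string).
local function exchange_from_port_500(host, port, payload, timeout_ms)
  local mutex = nmap.mutex(BIND_KEY)
  mutex "lock"  -- yields until no other script thread holds the mutex

  local socket = nmap.new_socket("udp")
  socket:set_timeout(timeout_ms or 5000)

  -- Each step runs only if the previous one succeeded, so there is a
  -- single exit path and the mutex is released on every outcome.
  local ok, res = socket:bind(nil, 500)
  if ok then
    ok, res = socket:connect(host, port, "udp")
  end
  if ok then
    ok, res = socket:send(payload)
  end
  if ok then
    ok, res = socket:receive()
  end

  -- Close first so the port is free before the next holder tries to bind.
  socket:close()
  mutex "done"

  return ok, res
end
```

A script that binds local UDP 500 without taking the same key is not serialized by this helper, which is the transparency concern raised in the message above.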