Nmap Development mailing list archives
Re: [NSE] Script submission: targets-ipv6-wordy
From: Everardo Padilla Saca <everardo.padilla.saca () gmail com>
Date: Wed, 9 Apr 2014 06:44:07 +0000 (UTC)
Raul Fuentes <ra.fuentess.sam <at> gmail.com> writes:
As I said before, my big concern is the overhead already present once you combine all the scripts and all the memory needed to have all the potential addresses.
You didn't mention anything about other scripts (???). For the record, this script is not combined with any other.
Your approach generates all the possible words, true [...]
False. It generates all the possible words *given a wordlist*. This means the script takes the words from a list, and the algorithm generates the combinations.
[...] but is it truly useful?
I believe it is. Suppose you want to scan the following network:

2001:0DB8:AC10:FE01:AAAA:BBBB:0000:0000/96

If you want to try "wordy" addresses first, you do:

$ nmap -6 --script targets-ipv6-wordy.nse --script-args 'newtargets, targets-ipv6-wordy.wordlist=my_words.txt, targets-ipv6-wordy.segments="7,8", targets-ipv6-wordy.base-address="2001:0DB8:AC10:FE01:AAAA:BBBB:0000:0000"'

And that will tell Nmap to scan addresses that have words (from the specified wordlist) in the 7th and 8th segments.
It is like a dictionary attack or brute force attack: for a general quick approach to try to detect an IPv6 address such as 2001:db8:c0ca:dead:beef (or a password such as 123adobe or qwerty), is it truly a good idea to try to get all the possible combinations, or just the most common 1000-10,000 passwords/addresses? [...]
Like I just wrote, the script uses a wordlist. This can be seen as a dictionary attack. It's up to the user to configure the wordlist to his/her needs.
When I implemented the wordly script, I chose the second approach; that is the reason for the DB, and it is also a good place to store already discovered EUI-64 addresses. As for having many DBs, for the standard user it can be easy and transparent; Nmap even has its own multiple DBs, and even the SLAAC script uses the Nmap MAC vendors DB. And a security audit user will eventually need to update or tune the Nmap DB for his own needs on specific audits.
I'm not sure if I understand your concept of database. Are you suggesting to have a database for all the generated addresses? Or for the words that will be used to generate these addresses? (this last approach is done by this script, as explained above).

If you are suggesting to do the first approach, to save all the generated addresses in a file for later scanning, that would be impractical because you would have to write all the addresses to a file, and then read them again via another script and feed them to Nmap when you already had them in memory before. To make the most of Nmap's parallelization features, I believe the generated addresses must be put inside Nmap's queue***, rather than being read from a file and then given to Nmap one by one.
By the way, I have not seen your progress with the scripts, but how much time does a full scan of 24 bits take with almost all your scripts running at the same time? Is it a good idea to give more time with the approach you want? (IPv4 for Nmap can take a lot of time)
Like I mentioned above, this script is not combined with any other. The time it takes to generate the addresses depends on how many segments the user chose and how many words the wordlist contains. It's up to the security professional to choose how many addresses will be generated by tweaking the wordlist and choosing the right amount of segments appropriate to his/her available resources.

***Suggestions are welcome.

Cheers,
Everardo.
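
Added example, not part of the original message and not the submitted NSE script: a Python sketch of the wordlist-by-segment idea discussed above, showing how the candidate count grows with the number of segments, how candidates can be produced lazily instead of held in memory, and how an administrator can check assigned addresses for such guessable segments. It assumes only words already spelled with 1-4 hex digits are used and that shorter words are left-padded with zeros; the sample wordlist and all function names are constructed for illustration.

```python
import ipaddress
from itertools import product

HEX = set("0123456789abcdef")
# Constructed sample wordlist; "qwerty" and "admin" are not hex-spellable.
WORDS = ["dead", "beef", "cafe", "f00d", "qwerty", "admin"]
BASE = "2001:0DB8:AC10:FE01:AAAA:BBBB:0000:0000"

def hex_words(words):
    """Keep unique words that fit one 16-bit segment (assumption: 1-4 hex digits)."""
    out = []
    for w in words:
        w = w.strip().lower()
        if 1 <= len(w) <= 4 and set(w) <= HEX and w not in out:
            out.append(w)
    return out

def candidate_count(segments, words):
    """Candidates = (usable words) ** (number of chosen segments)."""
    return len(hex_words(words)) ** len(segments)

def candidates(base, segments, words):
    """Lazily yield addresses with a word in each chosen segment (1-8).

    A generator keeps memory flat no matter how large the product is.
    """
    groups = ipaddress.IPv6Address(base).exploded.split(":")
    for combo in product(hex_words(words), repeat=len(segments)):
        g = list(groups)
        for seg, word in zip(segments, combo):
            g[seg - 1] = word.rjust(4, "0")  # assumption: zero-pad short words
        yield ipaddress.IPv6Address(":".join(g))

def wordy_hits(address, segments, words):
    """Defender check: chosen segments of an assigned address that match a word."""
    groups = ipaddress.IPv6Address(address).exploded.split(":")
    padded = {w.rjust(4, "0") for w in hex_words(words)}
    return [s for s in segments if groups[s - 1] in padded]

if __name__ == "__main__":
    print(candidate_count((7, 8), WORDS), "candidates for segments 7,8")
    print(next(candidates(BASE, (7, 8), WORDS)))
    print(wordy_hits("2001:db8:ac10:fe01:aaaa:bbbb:dead:beef", (7, 8), WORDS))
```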