Nmap Development mailing list archives
Re: NSE script targets-ipv6-multicast-mld.nse patched to include OS detection
From: Alexandru Geana <alex () alegen net>
Date: Mon, 18 May 2015 10:58:02 +0200
Hello devs,

After some discussions, it was decided that some changes were needed for this patch. Below is a description of this version of the patch against the current codebase:

1) The bug in targets-ipv6-multicast-mld.nse script has been fixed and now the script sends the mld query to the correct address. Furthermore, it contains additional code which can parse MLD v1 and v2 reports and extract multicast addresses. These addresses are placed in the nmap registry for other scripts to use.

2) A new script called fingerprint-ipv6-multicast-mld.nse was created which attempts to guess what operating system a host is running based on the multicast addresses it listens to. The multicast addresses are taken from the registry and this script is supposed to be used together with the targets-ipv6-multicast-mld.nse script.

3) I added a new generic utility function to ipOps.lua which takes one unicast link-local ip address and returns the solicited node multicast address.

Let me know what you think!

Best regards,
Alexandru Geana
alegen.net

On 04/29, Alexandru Geana wrote:
Hello devs,

Attached to this email I am sending a patch which modifies the targets-ipv6-multicast-mld.nse script to guess the operating systems of detected hosts based on the multicast addresses present in the MLD reports. It is able to distinguish between different versions of Windows and specific Linux distros. The reason is that by default different OSes are listening on different IPv6 multicast addresses.

I also managed to fix a bug where the script would send MLD queries with multiple addresses (including global unicast IPv6 and IPv4). Furthermore, I changed the maximum response delay from 0 to 1 millisecond, since the former resulted in a crash of the TCP/IP stack of virtualbox when executing the script inside the guest.

For convenience I am also attaching a new version of the script next to the diff so that it is easier to read.

Let me know what you think and if anyone knows any other multicast addresses for other OSes, they are more than welcome.

Sample output tested on a Windows 10 host:

Pre-scan script results:
| targets-ipv6-multicast-mld:
|
| IP: fe80::8904:847b:f736:760d MAC: 08:00:27:be:80:d0 IFACE: eth0
| Host reported the following addresses:
| ff02::1:ff36:760d
| ff02::fb
| ff02::1:3
| ff02::c
| OS scores (max. 100):
| Microsoft Windows 10 100
| Microsoft Windows 7 50
| Microsoft Windows 8.1 50
| Ubuntu 25
|
|_ Use --script-args=newtargets to add the results as targets

Best regards,
Alexandru Geana
alegen.net
Attachment: nmap.diff
Attachment: fingerprint-ipv6-multicast-mld.nse
Attachment: signature.asc
Description: Digital signature
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
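The message above describes parsing MLD v1 and v2 reports for multicast addresses and deriving a solicited-node multicast address from a unicast address. The Python sketch below is an added illustration, not code from the attached patch or from Nmap (which implements this in Lua); the function names and the sample report are constructed here, and the field layouts follow RFC 2710 and RFC 3810.

```python
import ipaddress
import struct

MLD_V1_REPORT = 131  # ICMPv6 type, RFC 2710
MLD_V2_REPORT = 143  # ICMPv6 type, RFC 3810


def solicited_node(addr):
    """Return ff02::1:ffXX:XXXX with the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return str(ipaddress.IPv6Address(base | low24))


def mld_report_groups(icmp6):
    """Return the multicast addresses listed in an MLDv1 or MLDv2 report.
    `icmp6` is the ICMPv6 message, starting at the type byte."""
    if len(icmp6) < 8:
        raise ValueError("truncated ICMPv6 header")
    if icmp6[0] == MLD_V1_REPORT:
        if len(icmp6) < 24:
            raise ValueError("truncated MLDv1 report")
        return [str(ipaddress.IPv6Address(icmp6[8:24]))]
    if icmp6[0] != MLD_V2_REPORT:
        raise ValueError("not an MLD report")
    (nrecords,) = struct.unpack_from("!H", icmp6, 6)
    groups, off = [], 8
    for _ in range(nrecords):
        if off + 20 > len(icmp6):
            raise ValueError("truncated MLDv2 record")
        _rtype, aux_len, nsrc = struct.unpack_from("!BBH", icmp6, off)
        groups.append(str(ipaddress.IPv6Address(icmp6[off + 4:off + 20])))
        # Skip the source list (16 bytes each) and auxiliary data (32-bit words).
        off += 20 + 16 * nsrc + 4 * aux_len
    return groups


def build_v2_report(groups):
    """Constructed sample: MLDv2 report, one record per group
    (record type 4, no sources, checksum left as zero)."""
    body = b"".join(struct.pack("!BBH", 4, 0, 0) + ipaddress.IPv6Address(g).packed
                    for g in groups)
    return struct.pack("!BBHHH", MLD_V2_REPORT, 0, 0, 0, len(groups)) + body


if __name__ == "__main__":
    sample = build_v2_report(["ff02::1:ff36:760d", "ff02::fb", "ff02::1:3", "ff02::c"])
    print(mld_report_groups(sample), solicited_node("fe80::8904:847b:f736:760d"))
```

The first reported address in the sample output, ff02::1:ff36:760d, is the solicited-node address of the host's link-local address; the remaining groups are the ones that vary with the software listening on the host.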