Nmap Development mailing list archives
Re: nmap dhcp library
From: Mike Rykowski <mrykowski () gmail com>
Date: Fri, 13 Nov 2015 09:49:00 -0800
Hi Dev team,

I have to apologize, my last file still included some debugging code in it and so I would like to resubmit my updated code for inclusion into the nmap project.

I haven't heard much from anyone about getting this code included. Can someone please give me some pointers, is there something I am not doing?

Thanks,

On Thu, Oct 8, 2015 at 9:47 AM, Mike Rykowski <mrykowski () gmail com> wrote:
Hi nmap dev team,

I'm looking into having nmap gather PXE boot-related information from a DHCP server, if it exists. From my research, it looks like the DHCP query needs to ask for options 66 and 67, TFTP Server Name and Bootfile name, respectively (I found that info here <http://www.intel.com/support/network/sb/CS-028533.htm> and it is corroborated here <https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml>).

One of the problems is that the DHCP library (found at https://svn.nmap.org/nmap/nselib/dhcp.lua) does not include these options. Another issue I noticed is that, while the WPAD action was added, I don't think the runtime ever gets there because the for loop just goes to 61 ("for i = 1, 61, 1 do").

Additionally, in my testing, all actions are requested regardless of verbosity, contrary (at least in my reading) to what is commented in lines 394-396 of the original code. I believe this is because of an off-by-one error: a default nmap run has nmap.verbosity() = 1 and an nmap -v run has nmap.verbosity() = 2. Thus if you used if(nmap.verbosity() > 1) then you only query the non-default fields if the user adds -v to their nmap command.

I have attached my suggestions in the updated dhcp.lua file. In my testing with udhcpd, it does gather the additional PXE boot info. However, my instance of udhcpd seems to respond with all options even when they aren't requested, but I'm pretty sure the verbosity setting works now based on Wireshark captures.

It may be valuable to add the rest of the options IANA lists (in the link above), let me know if you agree that this would be valuable and I can do it.

Please review them and let me know what you think.

Thanks,
Mike
Attachment: dhcp.lua
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
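
For readers following the thread, an added illustration (not part of the message and not code from Nmap's dhcp.lua) of the wire format under discussion: option 55, the Parameter Request List, carries the codes a client asks for, and options 66 and 67 come back as code/length/value entries after the magic cookie. The function names and the sample bytes are constructed for this sketch.

```python
MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of the options field
OPT_PAD, OPT_END = 0, 255
OPT_PARAM_REQUEST_LIST = 55
OPT_TFTP_SERVER_NAME = 66
OPT_BOOTFILE_NAME = 67


def param_request_list(codes):
    """Encode option 55: one byte per option code the client asks for."""
    codes = list(codes)
    if not codes or len(codes) > 255 or any(not 1 <= c <= 254 for c in codes):
        raise ValueError("option codes must be 1..254, at most 255 of them")
    return bytes([OPT_PARAM_REQUEST_LIST, len(codes)]) + bytes(codes)


def parse_options(field):
    """Walk the code/length/value options that follow the magic cookie."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:               # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past end of packet")
        # RFC 3396: a repeated option code is concatenated, not overwritten
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def pxe_info(options):
    """Return the PXE-related strings, or None where the server sent none."""
    def text(code):
        raw = options.get(code)
        return None if raw is None else raw.rstrip(b"\x00").decode("ascii", "replace")
    return {"tftp_server": text(OPT_TFTP_SERVER_NAME), "bootfile": text(OPT_BOOTFILE_NAME)}


# Constructed sample: options field of a DHCPOFFER (not a real capture).
SAMPLE = (MAGIC_COOKIE + bytes([53, 1, 2]) + bytes([0])
          + bytes([66, 9]) + b"192.0.2.5" + bytes([67, 10]) + b"pxelinux.0" + bytes([255]))
```

Because a server may return options that were never requested, as the message observes with udhcpd, the contents of option 55 are best confirmed in a packet capture of the request rather than inferred from the reply.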