Nmap Development mailing list archives
Re: nmap scanning of IPv6 hosts
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 4 Jan 2016 13:25:37 -0600
Craig,

I'm not sure what could be causing the delay. You can use -d to increase debugging output level, and at -d2 and higher, you will get a Lua stack trace of all running threads when you press any key during execution. That output would be helpful to diagnose the problem.

Unfortunately, running Nmap 6.40 under "sudo" makes this interaction impossible. We fixed that bug in 6.49BETA1. I would still encourage you to upgrade Nmap itself, not just the script.

Dan

On Mon, Jan 4, 2016 at 11:19 AM, Craig Miller <cvmiller () gmail com> wrote:

Thanks Daniel,

I gave the new MLD script a try, and there is something not right.

cvmiller@hau:/usr/share/nmap/scripts$ time sudo nmap -6 -F -v --script-args newtargets --script targets-ipv6-multicast-mld

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 17:26 PST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:26
NSE Timing: About 50.00% done; ETC: 17:27 (0:00:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:28 (0:01:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:29 (0:01:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:30 (0:02:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:31 (0:02:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:32 (0:03:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:33 (0:03:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:34 (0:04:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:35 (0:04:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:36 (0:05:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:37 (0:05:34 remaining)
NSE Timing: About 50.00% done; ETC: 17:38 (0:06:10 remaining)
NSE Timing: About 50.00% done; ETC: 17:40 (0:06:49 remaining)
NSE Timing: About 50.00% done; ETC: 17:41 (0:07:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:43 (0:08:19 remaining)
NSE Timing: About 50.00% done; ETC: 17:44 (0:09:10 remaining)
NSE Timing: About 50.00% done; ETC: 17:46 (0:10:07 remaining)
NSE Timing: About 50.00% done; ETC: 17:48 (0:11:10 remaining)
NSE Timing: About 50.00% done; ETC: 17:51 (0:12:19 remaining)
NSE Timing: About 50.00% done; ETC: 17:53 (0:13:34 remaining)
NSE Timing: About 50.00% done; ETC: 17:56 (0:14:58 remaining)
NSE Timing: About 50.00% done; ETC: 17:59 (0:16:28 remaining)
^C

real 16m43.579s
user 16m23.644s
sys 0m19.004s

Something is happening which appears to be tripping up the script (Or I am not starting it correctly). Is there a flag I can use to get more debug information?

thanks,
Craig...

On 15-12-31 12:26 PM, Daniel Miller wrote:

Craig,

I see you are using Nmap 6.40, released in July 2013. IPv6 support was one of the biggest areas of improvement in the recent Nmap 7.00 release, so I would encourage you to upgrade.

Regarding the MLD script specifically, we just fixed a bug and improved detection [1], but the fix has not yet been released. You can get it by downloading the script from the NSEdoc page [2] as well as the multicast.lua library [3].

Dan

[1] http://seclists.org/nmap-dev/2015/q4/258
[2] https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
[3] https://nmap.org/nsedoc/lib/multicast.html

On Dec 31, 2015 1:24 PM, "Craig Miller" <cvmiller () gmail com> wrote:
On 15-12-31 09:22 AM, David Fifield wrote:
On Thu, Dec 31, 2015 at 08:23:49AM -0800, Craig Miller wrote:
On 15-12-30 11:07 AM, David Fifield wrote:
On Wed, Dec 30, 2015 at 08:55:59AM -0800, Craig Miller wrote:

It would be nice if nmap supported the MLD/ff02::1 approach natively, as the brute force method is not really practical for IPv6. I am hoping to start a discussion in order to further improve nmap.

If you use the newtargets script argument, the discovered addresses will be added to the target list and scanned.

nmap -6 -F -v --script-args newtargets --script targets-ipv6-multicast-mld

Thanks David, I will work through getting the targets-ipv6-multicast-mld script running. Perhaps there is a ubuntu/debian package which the casual user of nmap can use to install the script. But the reason I was requesting that IPv6 scanning using the ff02::1 method be integrated natively in nmap is to make it available for the casual user of nmap. I have used nmap and found it quite useful for over 13 years, and never ran a nse script. I suspect there is a large community of nmap users who are like me. Having native support within nmap would reach a much larger audience.

Maybe I don't understand you. The scripts *are* part of Nmap. They are included in the Ubuntu/Debian packages.
You don't have to install anything separately. Just try running the example command line I showed.

There are other IPv6 discovery scripts you might want to try.

nmap --script-help 'targets-ipv6-*'

https://nmap.org/nsedoc/scripts/targets-ipv6-map4to6.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-echo.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-invalid-dst.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-slaac.html
https://nmap.org/nsedoc/scripts/targets-ipv6-wordlist.html

A ton of Nmap functionality is implemented through the scripting engine these days. If you've even run -sV, you've run a script.

Thanks again, David. You are right, of course, the scripts are in /usr/share/nmap/scripts/

But I am still having trouble, the mld script detects no hosts:

cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script targets-ipv6-multicast-slaac.nse

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds

cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script targets-ipv6-multicast-slaac.nse --script-args newtargets

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.06 seconds
cvmiller@hau:/usr/share/nmap/scripts$
cvmiller@hau:/usr/share/nmap/scripts$
cvmiller@hau:/usr/share/nmap/scripts$
cvmiller@hau:/usr/share/nmap/scripts$ sudo nmap -6 --script=targets-ipv6-multicast-mld.nse --script-args 'newtargets,interface=eth0'

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:18 PST
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds

The second run is right off example in:
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html

I have 11 IPv6 hosts on my network, not sure why it isn't finding something. Is there a debug flag to help understand where it is going wrong?

TIA,
Craig...

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/