Nmap Development mailing list archives
RE: [NSE Script] SNMPv1 system information & uptime
From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Mon, 11 Jun 2007 15:19:40 -0500
-----Original Message-----
From: Brandon Enright [mailto:bmenrigh () ucsd edu]
Sent: Monday, June 11, 2007 3:03 PM
To: Thomas Buchanan
Cc: nmap-dev () insecure org; bmenrigh () ucsd edu
Subject: Re: [NSE Script] SNMPv1 system information & uptime

Thomas,

The script looks great! I'm glad someone has tackled an NSE script that uses SNMP. I started to write a few NSE scripts that were going to use NSE but gave up because of the difficulty of using ASN.1 encoding to build the packets.

You wrote "-- copied from packet capture of snmpget exchange" and then defined the payload as a string of bytes. This works well for static OIDs like SNMPv2-MIB::sysDescr.0 but doesn't work for OIDs that need to be dynamically generated.

The solution is probably to build SNMP library bindings into NSE or offer ASN.1 bindings. I spent several hours trying to get LuaSNMP (http://luasnmp.luaforge.net/) working with NSE but got in over my head and put the project aside.

I hope eventually SNMP bindings will be available *and* Eddie's traceroute information will be exposed to NSE. I'm picturing NSE scripts that look up the last hop for a host (typically the router) and query the ARP/CAM tables for MAC address and other information. This could be done efficiently and non-redundantly with creative use of the NSE Registry.

Don't get me wrong, this script looks great. I think it highlights one current limitation of NSE though.

Brandon

I totally agree with you. This script is very static and limited in what it can do, and would be difficult to extend. Some other ideas I had which would be very cumbersome to do without a binding to some kind of SNMP library:

* trying other common community strings
* querying specific OID values based on analysis of the sysDescr response
* detecting other IP addresses through SNMP

I was thinking of the cfgmaker script from MRTG, which walks the OID tree of a device and generates a configuration with all the network interfaces defined. It would be fantastic to be able to dynamically update the target list via a discovery script of this kind. Here's hoping someone with more programming gumption than I've got will take a look at this and get something going.

On a similar topic, another binding that I think would be well suited for nmap would be some sort of interface to the OpenSSL library. It would be great to be able to do some inspection of SSL-wrapped ports through the NSE system, but I'm unaware of any simple methods for doing that at this point.

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org