Nmap Development mailing list archives

[NSE Script] Tor Node Checker


From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 10 Oct 2007 15:37:05 -0500

Hi everyone!

Hopefully I didn't get you excited and in hopes of a really awesome tor node script, but if I did then I hope you'll be happy with this :)

I've used tor quite a bit, but I mainly don't since it's so slow. I decided I would, however, like a tor node checking script.

But as we all know here on nmap-dev, I'm not perfect :) Hopefully this will be a good starting ground for others to make a really great script for this.

There are tor service matches in Service Detection, so that makes this script easy when it's employed and matched. However, I wanted to add other tests for systems that are *probably* nodes. This is what this script needs to be really great, since I doubt I've covered enough.

Tor nodes on "tor network status" sites have a lot of ports 9001 and 9030 that are open, but don't match "tor" or "tor-info" (they tend to just be left "unknown"). So I check if they're both open and say it looks like one if so. Should I check for "unknown" for both of these?

These (and others) should be good when version detection isn't run.

I hope you guys like the idea of this script and would like to make it cooler. Please let me know what you think! :)

Thanks,
Kris Katterjohn

-- Look at the target system and determine (guess) if it's a Tor node

-- 10/10/2007

id = "Tor Node"

description = "Check if the target is a Tor node"

author = "Kris Katterjohn <katterjohn () gmail com>"

license = "Look at Nmap's COPYING"

categories = {"discovery"}

-- If port 9001 is "tor", 9030 is "tor-info" and/or both ports are open
hostrule = function(host, port)
        local p9001 = nmap.get_port_state(host, {number=9001, protocol="tcp"})
        local p9030 = nmap.get_port_state(host, {number=9030, protocol="tcp"})

        if p9030 ~= nil and p9030.state == "open" then
                if p9030.service == "tor-info" then
                        return true
                elseif p9001 ~= nil and p9001.state == "open" then
                        return true
                end
        elseif p9001 ~= nil and p9001.state == "open" and p9001.service == "tor" then
                return true
        end
end

action = function(host, port)
        return "Looks like a Tor node"
end


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
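
Added example, not part of the original post or of Nmap: the hostrule's decision tree applied offline to saved grepable (`-oG`) output, reporting whether a host matched on a service-detection name ("confirmed") or only on both ports being open ("probable"). The function names, the verdict labels and the sample lines are assumptions made for illustration; the sample is constructed and uses documentation addresses.

```python
import re

# Constructed sample of Nmap grepable (-oG) output; the addresses are from
# the documentation range 192.0.2.0/24 and are not real scan results.
SAMPLE_OG = """\
Host: 192.0.2.10 ()\tPorts: 9001/open/tcp//tor///, 9030/open/tcp//tor-info///
Host: 192.0.2.11 ()\tPorts: 9001/open/tcp//unknown///, 9030/open/tcp//unknown///
Host: 192.0.2.12 ()\tPorts: 22/open/tcp//ssh///, 9001/open/tcp//unknown///
Host: 192.0.2.13 ()\tPorts: 9001/closed/tcp//tor///, 9030/open/tcp//http///
"""

HOST_RE = re.compile(r"^Host: (\S+) .*?Ports: (.*?)(?:\t|$)")

def parse_ports(field):
    """Map port number -> (state, service) for TCP entries of a Ports: field."""
    ports = {}
    for entry in field.split(","):
        parts = entry.strip().split("/")
        # -oG entry layout: port/state/protocol/owner/service/rpc/version/
        if len(parts) >= 5 and parts[0].isdigit() and parts[2] == "tcp":
            ports[int(parts[0])] = (parts[1], parts[4])
    return ports

def classify(ports):
    """Match the same hosts as the hostrule, but say which rule fired."""
    s9001, svc9001 = ports.get(9001, (None, None))
    s9030, svc9030 = ports.get(9030, (None, None))
    if s9030 == "open" and svc9030 == "tor-info":
        return "confirmed"   # service detection matched the directory port
    if s9001 == "open" and svc9001 == "tor":
        return "confirmed"   # service detection matched the OR port
    if s9001 == "open" and s9030 == "open":
        return "probable"    # port-pair heuristic only, no service match
    return None

def scan(text):
    """Return {address: verdict} for hosts that match either rule."""
    hits = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            verdict = classify(parse_ports(m.group(2)))
            if verdict:
                hits[m.group(1)] = verdict
    return hits

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_OG).items():
        print(ip, verdict)
```

Keeping the two verdicts apart lets a reviewer treat the port-pair matches as candidates to re-scan with version detection rather than as confirmed nodes.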
