Nmap Development mailing list archives
Re: [NSE] ASN made more robust and documented - much more to do.
From: David Fifield <david () bamsoftware com>
Date: Fri, 29 Aug 2008 19:02:27 -0600
On Sat, Aug 16, 2008 at 04:21:06AM +0100, jah wrote:
Attached is a bit of an update to the version of asn.nse in the current svn. It was rather prone to failure and now it is less so. Yesterday I began another version using Philip's dns library and system_dns patch and while I was playing I noticed that a DNS response contained two answers (and that the order in which they appear is seemingly random). At first, I thought this was some strangeness, but this turns out not to be quite the case. The answers to a query for the nmap.asn.cymru.com zone are one each from what would be obtained by queries for both origin.asn.cymru and peer.asn.cymru.com zones [1] and this fact prompted me to return to the original version of the script and update the response decoding routine to handle the extra answers. Further, there's a pair of answers for each BGP prefix in which the target resides which can result in four answers (and perhaps more). So once I'd handled the extraction of multiple answers, I changed the output to suit (not perfectly, mind) and the caching and cache checking code as well. Whilst doing all of this, I noted down several challenges to be solved and thus grew the sizeable TODO section in the script comments which you can probably see below. The upshot of all this rambling is that even though this version of the script is better (it's no longer a throw of the dice which determines the answer outputted - they all are), there's a fair bit more to do to make it reliable and more experimentation/testing needed.
I tried this version and it doesn't work for me, though the current Subversion version does.

$ nmap --script=ASN.nse --script-args=dns=66.7.169.1 -sP scanme.nmap.org

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-29 18:59 MDT
Host scanme.nmap.org (64.13.134.52) appears to be up.
Host script results:
| ASN:
| BGP Prefix: 64.13.128.0/21
| AS number: 10565
|_ Country Code: US

Nmap done: 1 IP address (1 host up) scanned in 1.19 seconds

$ nmap --script=/home/david/ASN.nse --script-args=dns=66.7.169.1 -sP scanme.nmap.org

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-29 19:00 MDT
Host scanme.nmap.org (64.13.134.52) appears to be up.

Nmap done: 1 IP address (1 host up) scanned in 1.19 seconds

I can verify through --script-trace that a response from the DNS server comes back. Is there anything I can do to help debug?

I want to make this script use dns.get_servers instead of requiring a script arg.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
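The decoding problem jah describes above (several TXT answers per lookup, origin and peer records mixed, arriving in random order, possibly more than one prefix) can be handled by grouping answers per BGP prefix before producing any output. The following is an added example written in Python rather than the script's own Lua, and is not code from asn.nse or from this thread; it assumes the Team Cymru "ASN | prefix | CC | registry | date" TXT layout and treats an answer whose first field holds several AS numbers as a peer record, which is a stated assumption, not something the thread confirms.

```python
# Added example, not from asn.nse: group Team Cymru-style TXT answers by BGP
# prefix so the report is the same whatever order the DNS answers arrive in.
from dataclasses import dataclass, field


@dataclass
class PrefixInfo:
    prefix: str
    country: str = ""
    origin_as: set = field(default_factory=set)
    peer_as: set = field(default_factory=set)


def parse_cymru_txt(answers):
    """Parse every TXT answer and index it by prefix.

    Assumed layout: "ASN [ASN ...] | prefix | CC | registry | date".
    A first field with several AS numbers is taken to be a peer record
    (an assumption of this example); malformed answers are skipped so one
    bad record cannot discard the others.
    """
    by_prefix = {}
    for txt in answers:
        fields = [f.strip() for f in txt.split("|")]
        if len(fields) < 3:
            continue
        asns, prefix, country = fields[0].split(), fields[1], fields[2]
        if not asns or not all(a.isdigit() for a in asns):
            continue
        info = by_prefix.setdefault(prefix, PrefixInfo(prefix, country))
        if len(asns) == 1:
            info.origin_as.add(int(asns[0]))
        else:
            info.peer_as.update(int(a) for a in asns)
    # Sorted so the output is deterministic regardless of answer order.
    return [by_prefix[p] for p in sorted(by_prefix)]


def format_report(infos):
    """Render one block per prefix, in the style of the script's output."""
    lines = []
    for info in infos:
        lines.append(f"BGP Prefix: {info.prefix}")
        lines.append("AS number: " + ", ".join(str(a) for a in sorted(info.origin_as)))
        if info.peer_as:
            lines.append("Peer AS: " + ", ".join(str(a) for a in sorted(info.peer_as)))
        lines.append(f"Country Code: {info.country}")
    return lines


# Constructed sample: prefix and AS taken from the scanme.nmap.org run above,
# second prefix, peer ASNs, registry and date fields are invented.
SAMPLE_ANSWERS = [
    "701 1239 | 64.13.128.0/21 | US | arin | 2004-01-01",
    "10565 | 64.13.132.0/22 | US | arin | 2004-01-01",
    "10565 | 64.13.128.0/21 | US | arin | 2004-01-01",
    "3356 7018 | 64.13.132.0/22 | US | arin | 2004-01-01",
]
```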