Nmap Development mailing list archives
LDAP library and scripts
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 12 Jan 2010 20:56:52 +0100
Hi all, I just finished some LDAP code that allow nmap to search an LDAP directory. The code has been split up into two libraries (ldap.lua and asn1.lua) where asn1 is largely ripped from snmp.lua and contains the ASN1 encoding code. The reason for this is that it needed a few LDAP adaptions and it felt awkward placing them in the snmp library. I have written two scripts that make use of the library: * ldap-get-baseobject.nse - retrieves the baseobject and prints the attributes * ldap-search.nse - provides simple search functionality against the LDAP directory The library currently supports the LDAP operations SearchRequest, BindRequest and UnbindRequest. It also parses the response received from these operations. The LDAP library also has some code that does formatting of the response into tables suitable for the stdnse.format_output function. The library still has the following shortcomings (in my opinion): * At the moment it only supports simple bind but I'm looking into the possibility of implementing other mechanisms too. * The library lacks filter parsing support. That said, it supports filters, but they need to be supplied using tables rather than their textual representation as described in RFC 2254. Whether this will change in the future or not depends on the need and the efforts needed to implement it. * SSL is currently not supported mainly because I didn't have an SSL enabled LDAP server running, I'm guessing it's a quite small change to make it working once I do. I'll try to get to this in a near future. * Parsing of some attributes returned by AD fails and returns a blob of hex characters. I need to look into this and find some supporting documentation on how they should be decoded. * There's an annoying bug (probably me doing stuff the wrong way) that breaks indentation when using the format_output function for tables having a single element. The current (ugly) workaround is simply adding an empty element adding an extra empty row (but correctly) indented in the result. Despite these shortcomings I'm releasing a first version of the library and scripts. The scripts have undergone limited testing against both OpenLDAP and ActiveDirectory. A zip file containing both libraries and scripts are available from my blog: http://www.cqure.net/wp/nmap-scripts/ All feedback (good and bad) is welcome. Let me know of any other bugs or shortcomings you may encounter. //Patrik -- Patrik Karlsson http://www.cqure.net _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- LDAP library and scripts Patrik Karlsson (Jan 12)
- Re: LDAP library and scripts David Fifield (Jan 25)
- Re: LDAP library and scripts Patrik Karlsson (Jan 28)
- Re: LDAP library and scripts David Fifield (Feb 01)
- Re: LDAP library and scripts Patrik Karlsson (Feb 02)
- Re: LDAP library and scripts David Fifield (Feb 02)
- Re: LDAP library and scripts David Fifield (Feb 02)
- Re: LDAP library and scripts Patrik Karlsson (Feb 03)
- Re: LDAP library and scripts David Fifield (Feb 14)
- Re: LDAP library and scripts Patrik Karlsson (Jan 28)
- Re: LDAP library and scripts Patrik Karlsson (Feb 02)
- Re: LDAP library and scripts David Fifield (Jan 25)