Nmap Development mailing list archives

Re: [NSE] modbus-enum.nse, modbus discovery script

From: David Fifield <david () bamsoftware com>
Date: Sun, 12 Dec 2010 18:10:24 -0800

On Sun, Dec 12, 2010 at 08:37:55PM +0300, Alexander Rudakov wrote:

Hi, all. It's me again.
I cleaned modbus-discover.nse script. I refactored code, it's became cleaner
and simplier (I hope).
I threw away data and function code script arguments, and saved only
aggressive mode arg of slave id detection.
I tested script on real devices with next cases:
1) Neither the slave id (0x11) function nor read device
identification (0x2B) function supported (just error string printed)
2) Report slave Id function not supported by device, but read device
identification  function supported.
3) Both function supported (maximum information shows)

The main achievement for me is that I could find modbus device in the wild
using this script and get vendor information about it.


I tried this version of the script against the modbus-emul.py you posted
in http://seclists.org/nmap-dev/2010/q4/489. I got some errors:

./scripts/modbus-discover.nse:98: variable 'byte_count' is not declared
stack traceback:
        [C]: in function 'error'
        ./nselib/strict.lua:69: in function <./nselib/strict.lua:60>
        ./scripts/modbus-discover.nse:98: in function 'extract_slave_id'
        ./scripts/modbus-discover.nse:136: in function <./scripts/modbus-discover.nse:115>
        (tail call): ?

./scripts/modbus-discover.nse:65: attempt to perform arithmetic on local 'number_of_objects' (a nil value)
stack traceback:
        ./scripts/modbus-discover.nse:65: in function <./scripts/modbus-discover.nse:54>
        (tail call): ?
        ./scripts/modbus-discover.nse:145: in function <./scripts/modbus-discover.nse:115>
        (tail call): ?

The first one is just because of a missing "local" declaration. The
second one looks like it must be a bug in either modbus-emul.py or
modbus-discover.nse. Can you find out please?

Please change the script arg name from "aggressive" to
"modbus-discover.aggressive". You can keep "aggressive" as a synonym.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] modbus-enum.nse, modbus discovery script Александр Рудаков (Nov 22)
- Re: [NSE] modbus-enum.nse, modbus discovery script David Fifield (Nov 29)
- <Possible follow-ups>
- Re: [NSE] modbus-enum.nse, modbus discovery script Bob Radvanovsky (Nov 29)
  - Re: [NSE] modbus-enum.nse, modbus discovery script Александр Рудаков (Nov 29)
- Re: [NSE] modbus-enum.nse, modbus discovery script Bob Radvanovsky (Nov 30)
  - Re: [NSE] modbus-enum.nse, modbus discovery script Александр Рудаков (Nov 30)
- Re: [NSE] modbus-enum.nse, modbus discovery script Bob Radvanovsky (Nov 30)
  - Re: [NSE] modbus-enum.nse, modbus discovery script Александр Рудаков (Dec 03)
    - Re: [NSE] modbus-enum.nse, modbus discovery script Alexander Rudakov (Dec 12)
    - Re: [NSE] modbus-enum.nse, modbus discovery script David Fifield (Dec 12)
    - Re: [NSE] modbus-enum.nse, modbus discovery script Alexander Rudakov (Dec 13)
    - Re: [NSE] modbus-enum.nse, modbus discovery script David Fifield (Dec 16)
    - Re: [NSE] modbus-enum.nse, modbus discovery script Alexander Rudakov (Dec 17)
- Re: [NSE] modbus-enum.nse, modbus discovery script Bob Radvanovsky (Dec 17)
  - Re: [NSE] modbus-enum.nse, modbus discovery script David Fifield (Dec 17)