Nmap Development mailing list archives
Re: [NSE] modbus-enum.nse, modbus discovery script
From: Alexander Rudakov <freekoder () gmail com>
Date: Mon, 13 Dec 2010 23:01:27 +0300
I found the problem. It was in modbus-emul.py and the nse script. Responses of modbus-emul.py were not correct, and the nse script did not check the size of the response. I fixed both the emulator code and the nmap script. Test cases on real devices did not cover all code branches. I added new test cases in modbus-emul.py. Now it covers different situations. To test them all, run the script in aggressive mode. I renamed the aggressive argument to modbus-discover.aggressive as you asked.

Alexander Rudakov.

2010/12/13 David Fifield <david () bamsoftware com>
> On Sun, Dec 12, 2010 at 08:37:55PM +0300, Alexander Rudakov wrote:
> > Hi, all. It's me again. I cleaned the modbus-discover.nse script. I refactored the code; it became cleaner and simpler (I hope). I threw away the data and function code script arguments, and kept only the aggressive mode arg of slave id detection. I tested the script on real devices with the following cases:
> > 1) Neither the slave id (0x11) function nor the read device identification (0x2B) function is supported (just an error string is printed)
> > 2) The Report Slave Id function is not supported by the device, but the read device identification function is supported.
> > 3) Both functions are supported (maximum information is shown)
> > The main achievement for me is that I could find a modbus device in the wild using this script and get vendor information about it.
>
> I tried this version of the script against the modbus-emul.py you posted in http://seclists.org/nmap-dev/2010/q4/489. I got some errors:
>
> ./scripts/modbus-discover.nse:98: variable 'byte_count' is not declared
> stack traceback:
>         [C]: in function 'error'
>         ./nselib/strict.lua:69: in function <./nselib/strict.lua:60>
>         ./scripts/modbus-discover.nse:98: in function 'extract_slave_id'
>         ./scripts/modbus-discover.nse:136: in function <./scripts/modbus-discover.nse:115>
>         (tail call): ?
>
> ./scripts/modbus-discover.nse:65: attempt to perform arithmetic on local 'number_of_objects' (a nil value)
> stack traceback:
>         ./scripts/modbus-discover.nse:65: in function <./scripts/modbus-discover.nse:54>
>         (tail call): ?
>         ./scripts/modbus-discover.nse:145: in function <./scripts/modbus-discover.nse:115>
>         (tail call): ?
>
> The first one is just because of a missing "local" declaration. The second one looks like it must be a bug in either modbus-emul.py or modbus-discover.nse. Can you find out please?
>
> Please change the script arg name from "aggressive" to "modbus-discover.aggressive". You can keep "aggressive" as a synonym.
>
> David Fifield
Attachment: modbus-discover.nse
Attachment: modbus-emul.py
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
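The two failures discussed in this thread (arithmetic on a nil number_of_objects, a response whose declared size does not match the bytes received) are what a length-checked parser of the Modbus/TCP responses the script uses would reject instead of crashing on. The following Python is an added illustration written for this archive page; it is not code from modbus-discover.nse or modbus-emul.py. It parses the Report Slave ID (0x11) and Read Device Identification (0x2B / MEI type 0x0E) responses over a constructed MBAP frame, checks every length field against the bytes actually present, and reports a malformed response as an error string rather than an exception. The sample frames at the bottom are constructed for the demonstration, including one that, like the emulator bug described above, promises more objects than it carries.

```python
"""Length-checked parsing of two Modbus/TCP responses (added example)."""
import struct

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)

# Basic device-identification object ids from the Modbus Application Protocol spec.
OBJECT_NAMES = {0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision"}


def build_frame(unit_id, pdu, transaction_id=1):
    """Wrap a PDU in an MBAP header; the MBAP length counts unit id + PDU."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def split_frame(frame):
    """Validate the MBAP header against the bytes received; return (unit_id, pdu)."""
    if len(frame) < MBAP_LEN:
        raise ValueError("frame shorter than MBAP header")
    _tid, proto, length, unit_id = struct.unpack(">HHHB", frame[:MBAP_LEN])
    pdu = frame[MBAP_LEN:]
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus" % proto)
    if length != len(pdu) + 1:
        raise ValueError("MBAP length %d but %d bytes on the wire" % (length, len(pdu) + 1))
    if not pdu:
        raise ValueError("empty PDU")
    return unit_id, pdu


def _check_exception(pdu):
    """Function code with the high bit set is a Modbus exception response."""
    if pdu[0] & 0x80:
        code = pdu[1] if len(pdu) > 1 else None
        raise ValueError("exception code %r for function 0x%02x" % (code, pdu[0] & 0x7F))


def parse_report_slave_id(pdu):
    """0x11 response: fc, byte count, slave id, run indicator, vendor-specific data."""
    _check_exception(pdu)
    if pdu[0] != 0x11:
        raise ValueError("unexpected function code 0x%02x" % pdu[0])
    if len(pdu) < 2:
        raise ValueError("missing byte count")
    byte_count = pdu[1]          # checked before anything is sliced by it
    data = pdu[2:]
    if len(data) != byte_count:
        raise ValueError("byte count %d but %d data bytes present" % (byte_count, len(data)))
    if byte_count < 2:
        raise ValueError("slave id / run indicator missing")
    return {"slave_id": data[0], "running": data[1] == 0xFF, "extra": bytes(data[2:])}


def parse_device_identification(pdu):
    """0x2B / MEI 0x0E response: fixed 7-byte header, then (id, len, value) objects."""
    _check_exception(pdu)
    if len(pdu) < 7:
        raise ValueError("device identification header truncated")
    fc, mei, _code, _conf, _more, _next, number_of_objects = struct.unpack(">7B", pdu[:7])
    if fc != 0x2B or mei != 0x0E:
        raise ValueError("not a device identification response")
    objects, pos = {}, 7
    for _ in range(number_of_objects):   # the count is never trusted past the PDU end
        if pos + 2 > len(pdu):
            raise ValueError("object header beyond end of PDU")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        pos += 2
        if pos + obj_len > len(pdu):
            raise ValueError("object 0x%02x claims %d bytes, %d left" % (obj_id, obj_len, len(pdu) - pos))
        objects[OBJECT_NAMES.get(obj_id, obj_id)] = bytes(pdu[pos:pos + obj_len])
        pos += obj_len
    if pos != len(pdu):
        raise ValueError("%d trailing bytes after last object" % (len(pdu) - pos))
    return objects


def identify(frame):
    """Dispatch on function code; return a parsed dict, or an error string on bad input."""
    try:
        _unit, pdu = split_frame(frame)
        fc = pdu[0] & 0x7F
        if fc == 0x11:
            return parse_report_slave_id(pdu)
        if fc == 0x2B:
            return parse_device_identification(pdu)
        return "unhandled function 0x%02x" % fc
    except ValueError as exc:
        return "malformed response: %s" % exc


def _device_id_pdu(objects):
    body = b"".join(bytes([oid, len(val)]) + val for oid, val in objects)
    return bytes([0x2B, 0x0E, 0x01, 0x01, 0x00, 0x00, len(objects)]) + body


# Constructed sample frames (not captured from any real device).
SAMPLE_OBJECTS = [(0x00, b"ExampleVendor"), (0x01, b"PLC-1"), (0x02, b"1.0")]
GOOD_DEVICE_ID = build_frame(1, _device_id_pdu(SAMPLE_OBJECTS))
# Header promises 3 objects but only 2 follow: the emulator-style mismatch.
BAD_DEVICE_ID = build_frame(1, bytes([0x2B, 0x0E, 0x01, 0x01, 0x00, 0x00, 3]) + b"\x00\x03ABC\x01\x02XY")
GOOD_SLAVE_ID = build_frame(1, bytes([0x11, 0x04, 0x11, 0xFF]) + b"ok")
TRUNCATED_SLAVE_ID = build_frame(1, bytes([0x11, 0x04, 0x11]))  # byte count 4, one byte sent

if __name__ == "__main__":
    for name in ("GOOD_DEVICE_ID", "BAD_DEVICE_ID", "GOOD_SLAVE_ID", "TRUNCATED_SLAVE_ID"):
        print(name, "->", identify(globals()[name]))
```

The point of the structure is that each length field (MBAP length, 0x11 byte count, the object count and each object length in 0x2B) is compared against the remaining bytes before it is used for slicing or arithmetic, so a short or inconsistent reply from a device or emulator surfaces as a diagnosable "malformed response" message rather than a nil-value traceback.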
Current thread:
- [NSE] modbus-enum.nse, modbus discovery script Александр Рудаков (Nov 22)
- Re: [NSE] modbus-enum.nse, modbus discovery script David Fifield (Nov 29)
- <Possible follow-ups>
- Re: [NSE] modbus-enum.nse, modbus discovery script Bob Radvanovsky (Nov 29)
- Re: [NSE] modbus-enum.nse, modbus discovery script Александр Рудаков (Nov 29)
- Re: [NSE] modbus-enum.nse, modbus discovery script Bob Radvanovsky (Nov 30)
- Re: [NSE] modbus-enum.nse, modbus discovery script Александр Рудаков (Nov 30)
- Re: [NSE] modbus-enum.nse, modbus discovery script Bob Radvanovsky (Nov 30)
- Re: [NSE] modbus-enum.nse, modbus discovery script Александр Рудаков (Dec 03)
- Re: [NSE] modbus-enum.nse, modbus discovery script Alexander Rudakov (Dec 12)
- Re: [NSE] modbus-enum.nse, modbus discovery script David Fifield (Dec 12)
- Re: [NSE] modbus-enum.nse, modbus discovery script Alexander Rudakov (Dec 13)
- Re: [NSE] modbus-enum.nse, modbus discovery script David Fifield (Dec 16)
- Re: [NSE] modbus-enum.nse, modbus discovery script Alexander Rudakov (Dec 17)
- Re: [NSE] modbus-enum.nse, modbus discovery script Александр Рудаков (Dec 03)
- Re: [NSE] modbus-enum.nse, modbus discovery script David Fifield (Dec 17)