Nmap Development mailing list archives

[NSE] firewalk-path script


From: Henri Doreau <henri.doreau () gmail com>
Date: Mon, 10 Jan 2011 10:23:31 +0100

Hello,

Please find attached a new firewalking script. It will basically try
to guess at which point of the path to a given target a port is
blocked. To achieve this, it sends probes to filtered ports with low
IP TTLs and waits for ICMP TIME_EXCEEDED messages that would prove
that a probe has reached the emitter.

Starting with a TTL equal to the distance to the target and decreasing
after each timeout, we can stop probing a given port as soon as we get
the first ICMP reply for this port.

As with my previous firewalk script, the --traceroute flag is
mandatory, and the script has to be run with root privileges. Some
options are available but optional.

You can test it quickly using the following command line:

nmap --datadir . --script firewalk-path --traceroute --top-ports 10 scanme.insecure.org

I don't know whether it should replace the existing firewalk.nse
script or not. Maybe by adding some option to select a given gateway
on the path?

I hope that you'll find it interesting, feedback welcome!

Regards


-- 
Henri Doreau,
henri.doreau () gmail com

Attachment: firewalk-path.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
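
The TTL walk described in the message above, as an added simulation that is not part of the original post and is not the attached firewalk-path.nse. No packets are sent: the path, hop names, filter rules and the filter-before-TTL ordering are assumptions of this model, and the last case shows how a router that suppresses ICMP shifts the result.

```python
from dataclasses import dataclass, field

@dataclass
class Hop:
    name: str
    blocked_ports: set = field(default_factory=set)  # ports dropped silently here
    sends_time_exceeded: bool = True  # False: ICMP suppressed or rate limited

def send_probe(path, port, ttl):
    """Simulated probe: name of the hop answering with ICMP TIME_EXCEEDED,
    or None on timeout. Model assumption: a hop filters before it checks TTL."""
    for position, hop in enumerate(path, start=1):
        if port in hop.blocked_ports:
            return None  # dropped by a filter, the prober only sees a timeout
        if position == len(path):
            return None  # reached the target itself: no TIME_EXCEEDED
        if position == ttl:
            return hop.name if hop.sends_time_exceeded else None
    return None

def walk_port(path, port):
    """TTL walk for one port already reported as filtered: start at the
    distance to the target, decrease after each timeout, stop at the first
    ICMP reply. Returns (last hop that forwarded, suspected filtering hop)."""
    for ttl in range(len(path), 0, -1):
        replier = send_probe(path, port, ttl)
        if replier is not None:
            return replier, path[ttl].name  # path is 0-indexed: hop ttl + 1
    return None, path[0].name  # no reply at any TTL: blocked at the first hop

def build_path(silent=()):
    """Constructed five-hop path; names and rules are made up for the example."""
    names = ["gw-local", "isp-edge", "transit", "dc-firewall", "target"]
    blocked = {"dc-firewall": {23, 445}, "target": {3306}}
    return [Hop(n, blocked.get(n, set()), n not in silent) for n in names]

if __name__ == "__main__":
    for port in (23, 3306):
        print(port, walk_port(build_path(), port))
    # A router that never sends TIME_EXCEEDED shifts the blame one hop early.
    print(23, walk_port(build_path(silent={"transit"}), 23))
```
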
