Re: [NSE] network interfaces

[Ron <ron () skullsecurity net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey,

One month late, but I wanted to say - this sounds handy. I've run into the issue of needing info on an interface 
multiple times (though I can't remember where, DHCP was likely involved) and it'd be great to have an easier way to 
handle that! 

Ron

On Thu, 27 Jan 2011 20:02:18 +0100 Djalal Harouni <tixxdz () opendz org> wrote:
> Hi list,
>
> Trying to close an old thread:
> http://seclists.org/nmap-dev/2010/q3/739
>
> The patch 'nse_get_interface.diff' introduce two new functions.
> The first one:
> nmap.get_interface() to get the interface that Nmap is using, this can
> be the interface that was specified with the '-e' option or the
> interface attached to the address specified with the '-S' option.
> This function is for the prerule scripts.
>
> The second function:
> nmap.get_interface_info() to get the interface information.
> After some reflexions, I think that we should return only the
> information of the interface specified as an argument, since most
> scripts will be interested in one interface, there is no need to
> return a list of the available interfaces. Script writers can get the
> apropriate interface name from:
> * prerule mode: the above mentioned nmap.get_interface()
> * hostrule, portrule modes: host.interface of the host table.
> This function should replace 'nmap.get_interface_link()', used only by
> the sniffer-detect.nse script.
>
> I must also point out that in NSE the host.interface field will be set
> only if we are doing a raw scan, which is the default if we have the
> apropriate privileges.
> (a raw scan is a scan with raw sockets, ethernet or pcap stuff)
>
> Speaking about the 'host.interface' field can some one tell us why it
> has the value of the devname instead of devfullname ?
>
>
> A script 'get_interface.nse' is attached to show how we can use these
> new functions.
>
>
> The final patch is a simple one for libnetutil and Nping, I've found
> that some functions assume that the 'devname' and 'devfullname' fields
> of the 'interface_info struct' (file: libnetutil/netutil.h line: 224)
> are 16 bytes length, and others assume that they are 32 bytes length.
> 'devname' field in the Target.h file of nmap, line 323 is 32, so this
> is a *quick* patch. but perhaps it can break some code in Nping
> (function: getinterfaces_inet6_linux() of file: nping/utils_net.cc).
>
>
>
> The output of the get_interface.nse test script:
> # ./nmap -PN --datadir . --script get_interface.nse -n
> scanme.nmap.org -e eth0 -p80
>
> Starting Nmap 5.36TEST4 ( http://nmap.org ) at 2011-01-27 20:15 CET
> Pre-scan script results:
> | get_interface: 
> |   interface: eth0
> |   link: ethernet 
> |   address: 10.0.2.15
> |   broadcast: 10.0.2.255
> |_  netmask: 24
> Nmap scan report for scanme.nmap.org (64.13.134.52)
> Host is up (1.3s latency).
> PORT   STATE SERVICE
> 80/tcp open  http
> | get_interface: 
> |   interface: eth0
> |   link: ethernet 
> |   address: 10.0.2.15
> |   broadcast: 10.0.2.255
> |_  netmask: 24
>
> Nmap done: 1 IP address (1 host up) scanned in 4.21 seconds
>
> -- 
> tixxdz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk1q984ACgkQ2t2zxlt4g/Rz7gCgpVk0MkKmvHzJ8qkX+MVK31JE
Y4YAmQGbEUUjgJ68JOr0AKyqU/9b23YS
=FHod
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/