Nmap Development mailing list archives
Re: [NSE] network interfaces
From: Ron <ron () skullsecurity net>
Date: Sun, 27 Feb 2011 19:18:06 -0600
Hey,

One month late, but I wanted to say - this sounds handy. I've run into the issue of needing info on an interface multiple times (though I can't remember where, DHCP was likely involved) and it'd be great to have an easier way to handle that!

Ron

On Thu, 27 Jan 2011 20:02:18 +0100 Djalal Harouni <tixxdz () opendz org> wrote:
Hi list,

Trying to close an old thread: http://seclists.org/nmap-dev/2010/q3/739

The patch 'nse_get_interface.diff' introduces two new functions.

The first one: nmap.get_interface() to get the interface that Nmap is using, this can be the interface that was specified with the '-e' option or the interface attached to the address specified with the '-S' option. This function is for the prerule scripts.

The second function: nmap.get_interface_info() to get the interface information. After some reflection, I think that we should return only the information of the interface specified as an argument, since most scripts will be interested in one interface, there is no need to return a list of the available interfaces.

Script writers can get the appropriate interface name from:
* prerule mode: the above mentioned nmap.get_interface()
* hostrule, portrule modes: host.interface of the host table.

This function should replace 'nmap.get_interface_link()', used only by the sniffer-detect.nse script.

I must also point out that in NSE the host.interface field will be set only if we are doing a raw scan, which is the default if we have the appropriate privileges. (a raw scan is a scan with raw sockets, ethernet or pcap stuff)

Speaking about the 'host.interface' field, can someone tell us why it has the value of the devname instead of devfullname?

A script 'get_interface.nse' is attached to show how we can use these new functions.

The final patch is a simple one for libnetutil and Nping. I've found that some functions assume that the 'devname' and 'devfullname' fields of the 'interface_info struct' (file: libnetutil/netutil.h line: 224) are 16 bytes long, and others assume that they are 32 bytes long. The 'devname' field in the Target.h file of nmap, line 323, is 32, so this is a *quick* patch. But perhaps it can break some code in Nping (function: getinterfaces_inet6_linux() of file: nping/utils_net.cc).

The output of the get_interface.nse test script:

# ./nmap -PN --datadir . --script get_interface.nse -n scanme.nmap.org -e eth0 -p80

Starting Nmap 5.36TEST4 ( http://nmap.org ) at 2011-01-27 20:15 CET
Pre-scan script results:
| get_interface:
|   interface: eth0
|   link: ethernet
|   address: 10.0.2.15
|   broadcast: 10.0.2.255
|_  netmask: 24
Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (1.3s latency).
PORT   STATE SERVICE
80/tcp open  http
| get_interface:
|   interface: eth0
|   link: ethernet
|   address: 10.0.2.15
|   broadcast: 10.0.2.255
|_  netmask: 24

Nmap done: 1 IP address (1 host up) scanned in 4.21 seconds

--
tixxdz
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
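
The two lookup paths described in the quoted message (nmap.get_interface() in prerule mode, host.interface in hostrule mode), as an added example that is not the get_interface.nse attached to the original post. It assumes the module style of current Nmap releases and the info-table field names (device, link, address, broadcast, netmask) from the released nmap library documentation, which may differ from the patch discussed in this thread.

```lua
-- Added example, not the get_interface.nse attached to the original post.
local nmap = require "nmap"
local stdnse = require "stdnse"

description = [[
Reports the interface Nmap is using and its address details.
]]
categories = {"safe", "discovery"}

-- Prerule: only meaningful when an interface was fixed with -e or -S.
prerule = function()
  return nmap.get_interface() ~= nil
end

-- Hostrule: host.interface is only set for raw scans, so skip otherwise.
hostrule = function(host)
  return host.interface ~= nil
end

action = function(host)
  -- action() receives no host table in prerule mode.
  local name = host and host.interface or nmap.get_interface()
  local info, err = nmap.get_interface_info(name)
  if not info then
    stdnse.debug1("no interface info for %s: %s", tostring(name), tostring(err))
    return nil
  end

  -- Field names are an assumption taken from the released nmap library docs.
  local out = {
    ("interface: %s"):format(info.device or name),
    ("link: %s"):format(info.link or "unknown"),
    ("address: %s"):format(info.address or "unknown"),
  }
  -- broadcast is only present for IPv4 addresses on ethernet links.
  if info.broadcast then
    out[#out + 1] = ("broadcast: %s"):format(info.broadcast)
  end
  if info.netmask then
    out[#out + 1] = ("netmask: %s"):format(info.netmask)
  end
  return stdnse.format_output(true, out)
end
```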