Nmap Development mailing list archives
Re: HNAP (was: New VA Modules: Nessus: 20)
From: Fyodor <fyodor () insecure org>
Date: Mon, 18 Apr 2011 14:37:26 -0700
On Mon, Apr 18, 2011 at 10:02:10AM -0700, New VA Module Alert Service wrote:
53471 os_fingerprint_hnap.nasl http://nessus.org/plugins/index.php?view=single&id=53471 OS Identification : HNAP
I wasn't familiar with HNAP, which is the "Home Network Administration Protocol". It is an HTTP-Simple Object Access Protocol (SOAP)-based protocol which allows for remote topology discovery, configuration, and management of devices (routers, cameras, PCs, NAS, etc.) It seems to be Cisco sponsored. Here are some details: http://www.purenetworks.com/partners/hnap.php http://www.cisco.com/web/partners/downloads/guest/hnap_protocol_whitepaper.pdf Device discovery (and reconfiguration?) via HNAP might make a great NSE script. So I added it to the ideas list [1]. I also added one for detecting and/or defeating HNAP security on D-Link devices with the vulnerability described at [2]. Cheers, Fyodor [1] https://secwiki.org/w/Nmap/Script_Ideas [2] http://www.sourcesec.com/2010/01/09/d-link-routers-one-hack-to-own-them-all/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- New VA Modules: Nessus: 20 New VA Module Alert Service (Apr 18)
- Re: HNAP (was: New VA Modules: Nessus: 20) Fyodor (Apr 18)