Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Feature request: scanning an AS

From: John Bond <john.r.bond () gmail com>
Date: Thu, 28 Apr 2011 10:03:25 +0200
On 28 April 2011 05:17, David Fifield <david () bamsoftware com> wrote:

On Mon, Apr 18, 2011 at 09:12:56PM +0200, John Bond wrote:

On 15 March 2011 20:52, John Bond <john.r.bond () gmail com> wrote:

On 15 March 2011 00:13, John Bond <john.r.bond () gmail com> wrote:

On 14 March 2011 21:45, John Bond <john.r.bond () gmail com> wrote:

I noticed this script on the todo list in the wiki and i wasn't really
doing nse last year.  anyway i have written a very small script which
does this.  It relies on the whois server oliver day mentioned.  see
attached

-- @usage
-- nmap --script asn-to-prefix --script-args
asn-to-prefix.asn=65000[asn-to-prefix.whois_server=asn.shadowserver.org,asn-to-prefix.whois_port=43]
--
-- @output
-- 53/udp open  domain  udp-response
-- | asn-to-prefix:
-- |_    127.0.0.0/8


another update as per the comments on secwiki to add newtargets functionality

---
-- @args asn-to-prefix.asn The asn number to search
-- @args asn-to-prefix.whois_server whois server to use default is
asn.shadowserver.org
-- @args asn-to-prefix.whois_port whois port to conect to default is 43
-- @args newtargets prefixes discovered will be added to the nmap scan
--
-- @usage
-- nmap --script asn-to-prefix --script-args
asn-to-prefix.asn={65000,65001}[asn-to-prefix.whois_server=asn.shadowserver.org,asn-to-prefix.whois_port=43,newtargets]
--
-- @output
-- 53/udp open  domain  udp-response
-- | asn-to-prefix:
-- |_    127.0.0.0/8

I was originally skeptical about how useful this script would be but i
have been using it at least every week so look forward to seeing it in
current :)


Okay, I think this is a nice script. Here are a few things I'd like to
see:

We should get permission from the operators of the whois server, like we
did for the asn-query script. We just don't want them to be mad if the
script being distributed with Nmap causes them a lot of extra load.
Would you email them and ask if they object to the script.

I have already emailed them and they are happy for us to use the
service, i can forward you the thread if needed.


The script needs to go into the "external" category.

I think this is unnecessary:
       newtargets = stdnse.get_script_args('asn-to-prefix.newtargets')
Just plain "newtarget" already sets target.ALLOW_NEW_TARGETS.

no problem


Instead of doing socket:receive_lines(1000000), do
socket:receive_lines(1) in a loop. That way you can limit how much you
will read and not stall forever if the server gives you a lot of data.
You still need to split on newlines because receive_lines(1) may return
more than one line.

Ok ill take a look at this in a bit
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: