Nmap Development mailing list archives

[NSE] eap-info


From: Riccardo Cecolin <nmap () rikiji de>
Date: Tue, 28 Feb 2012 22:32:26 +0100

I'm working on an NSE script that implements a subset of the 802.1x
(EAP) protocol, and I have a question about which is the correct way to
get an interface in a "prerule" script.
I'm forging the 802.1x packets directly and sending them with the dnet
library through a not-yet-configured network interface, but when I
open such an interface with dnet:ethernet_open(), this function will
always fail unless the interface has an IP address configured, even if
it is up and cable-connected.
I'm trying to do that because I think it could be the standard
scenario of eap scanning. Is there a better way to access it from NSE
(without giving it a bogus ip)?

Attached there's a version of the mentioned library + script that
successfully enumerates all the available authentication methods when
tested against hostapd v0.6.10.
I found that some other authentication systems have different
behaviors (e.g. they do not respond to eap start packets) so the
script needs some more development and testing in different
environments, but it's a starting point.

Riccardo

nmap -dd -e eth2 -sn --script-trace --script=eap-info --datadir=. localhost
Pre-scan script results:
| eap-info:
| Available authentication methods with identity="anonymous" on interface eth2
|   true     PEAP
|   true     EAP-TTLS
|   false    EAP-TLS
|_  false    EAP-MSCHAP-V2

Attachment: eap.lua

Attachment: eap-info.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
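The decoding side of what the post describes, as an added example that is not the attached eap.lua or eap-info.nse: a stand-alone Lua decoder for EAPOL (802.1X) frames and the EAP Request/Response they carry, with the standard EAP type codes mapped to the method names the script output lists (PEAP, EAP-TTLS, EAP-TLS, EAP-MSCHAP-V2). It is useful for checking what an authenticator actually offers in a capture, or for validating frames before a script acts on them. The two sample frames are constructed, not captures, the source MAC is made up, and the code assumes plain Lua 5.1 or later with no dnet or NSE API, so it does not touch the interface question and runs with no network access.

```lua
-- EAPOL / EAP frame decoder in plain Lua (added example; not the attached eap.lua).
-- Numeric codes are from IEEE 802.1X (EAPOL) and the IANA EAP type registry.

local EAPOL_ETHERTYPE = 0x888E
local EAPOL_TYPE = { [0] = "EAP-Packet", [1] = "EAPOL-Start", [2] = "EAPOL-Logoff", [3] = "EAPOL-Key" }
local EAP_CODE   = { [1] = "Request", [2] = "Response", [3] = "Success", [4] = "Failure" }
local EAP_TYPE   = { [1] = "Identity", [2] = "Notification", [3] = "Nak", [4] = "MD5-Challenge",
                     [13] = "EAP-TLS", [21] = "EAP-TTLS", [25] = "PEAP", [26] = "EAP-MSCHAP-V2" }

local function u8(s, i)  return s:byte(i) end
local function u16(s, i) local hi, lo = s:byte(i, i + 1); return hi * 256 + lo end

-- Decode one raw Ethernet frame; returns a table, or nil plus an error string.
local function decode_eapol(frame)
  if #frame < 18 then return nil, "frame too short for an EAPOL header" end
  if u16(frame, 13) ~= EAPOL_ETHERTYPE then return nil, "not an EAPOL frame" end
  -- Ethernet header is bytes 1..14; EAPOL header is version(1) type(1) length(2)
  local eapol = { version = u8(frame, 15), type = u8(frame, 16), length = u16(frame, 17) }
  eapol.type_name = EAPOL_TYPE[eapol.type] or ("unknown(" .. eapol.type .. ")")
  if eapol.type ~= 0 then return eapol end          -- Start/Logoff/Key carry no EAP packet
  local body = frame:sub(19, 18 + eapol.length)
  if #body < 4 then return nil, "truncated EAP packet" end
  -- EAP header: code(1) id(1) length(2), then Type(1) for Request/Response only
  local eap = { code = u8(body, 1), id = u8(body, 2), length = u16(body, 3) }
  eap.code_name = EAP_CODE[eap.code] or ("unknown(" .. eap.code .. ")")
  if (eap.code == 1 or eap.code == 2) and #body >= 5 then
    eap.type = u8(body, 5)
    eap.type_name = EAP_TYPE[eap.type] or ("unknown(" .. eap.type .. ")")
    eap.data = body:sub(6, eap.length)
    if eap.type == 3 then                             -- Nak: data lists the methods the peer wants
      eap.desired = {}
      for i = 1, #eap.data do
        local t = eap.data:byte(i)
        eap.desired[#eap.desired + 1] = EAP_TYPE[t] or tostring(t)
      end
    end
  end
  eapol.eap = eap
  return eapol
end

local function fromhex(h)
  return (h:gsub("%x%x", function(b) return string.char(tonumber(b, 16)) end))
end

-- Constructed sample frames (not captures): an authenticator's EAP-Request/PEAP with the
-- Start flag set, and a supplicant's EAPOL-Start. The destination is the 802.1X PAE group
-- address; the source MAC is made up.
local SAMPLES = {
  peap_request = fromhex("0180c2000003" .. "001122334455" .. "888e" ..
                         "01" .. "00" .. "0006" ..                  -- EAPOL v1, EAP-Packet, length 6
                         "01" .. "01" .. "0006" .. "19" .. "20"),   -- Request, id 1, len 6, PEAP, flag S
  eapol_start  = fromhex("0180c2000003" .. "001122334455" .. "888e" .. "01" .. "01" .. "0000"),
}

for name, frame in pairs(SAMPLES) do
  local d, err = decode_eapol(frame)
  if not d then
    print(name, "error:", err)
  elseif d.eap then
    print(name, d.type_name, d.eap.code_name, d.eap.type_name or "-", "id=" .. d.eap.id)
  else
    print(name, d.type_name)
  end
end
```

Run it with `lua eapol_decode.lua`; the PEAP sample decodes as an EAP-Packet carrying a Request of type PEAP, the other as a bare EAPOL-Start. The length checks matter in practice: a frame whose EAPOL length or EAP length exceeds the bytes actually present is rejected rather than read past the end, which is the case a script fed raw frames from a wire should always handle.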
