Nmap Development mailing list archives

Re: [NSE] KNX Gateway Discover Script


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 8 Aug 2015 08:55:24 -0500

Niklaus,

This looks cool! Here are some comments:

1. Please convert the script to use structured output [1]. This is usually
a matter of changing some tables to stdnse.output_table() and then changing
lines like this:

search_response[1] = "IP address: "..knx_hpai_ip_address

into this:

search_response["IP address"] = knx_hpai_ip_address

2. Seems like we have unnecessary information in the output. I think the
Status part should be obvious from the number of gateways listed in the
output. So the output could be more like:

| knx-gateway-discover:
|   192.168.178.11:
|     Port: 3671
|     KNX address: 15.15.255
|     Device MAC address: 00052650065C
|     Device friendly name: IP-Viewer
|     Supported Services:
|       KNXnet/IP Core
|       KNXnet/IP Device Management
|       KNXnet/IP Tunnelling
|_      KNXnet/IP Object Server

3. Could you also add target discovery? Use target.lua [2]

4. Try to grab the lport from the socket:get_info() call and use that
instead of the hardcoded 55772, unless that's needed for the protocol to
work. That way we know that the local port is available and not in use by
some other service.

Thanks again for putting the effort into this!

Dan

[1] https://nmap.org/book/nse-api.html#nse-structured-output
[2] https://nmap.org/nsedoc/lib/target.html

On Fri, Aug 7, 2015 at 10:19 AM, Niklaus Schiess <nschiess () adversec com>
wrote:

Howdy,

KNX is "...the worldwide STANDARD for all applications in home and
building control, ranging from lighting and shutter control to various
security systems, ...building control with a single, manufacturer
independent design and commissioning tool (ETS), with a complete set of
supported communication media (TP, PL, RF and IP) as well as a complete set
of supported configuration modes..."[1].

This script discovers KNX gateways which are used to communicate with and
configure bus devices over IP-driven networks. It sends a multicast IP
packet to which all gateways should respond with various information about
themselves.

It is based on the llmnr-response.nse script as it technically does the
same thing. This script is also available on GitHub [2].

Regards,
Niklaus

[1] http://www.knx.org/knx-en/index.php
[2] https://github.com/takeshixx/knx-gateway-discover

--
PGP FP: CB84 8C68 ADDB 6C50 7DF1 4227 F2A6 056A A799 76DA


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
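As an added example, not part of this thread and not Nmap's own code, here is how the three review points (structured output via stdnse.output_table(), target discovery via target.add() from target.lua, and taking the local port from socket:get_info() instead of hardcoding it) fit together in a prerule discovery action. The KNXnet/IP framing, the 224.0.23.12:3671 discovery group, the service family names and the knx-gateway-discover.timeout script argument are this example's own assumptions rather than details from the thread; it assumes the NSE libraries of Nmap 7 (Lua 5.3) and follows the connect/get_info/close/bind pattern Nmap's broadcast scripts use.

```lua
-- Added example (not the script from the thread, not Nmap's own code):
-- a prerule KNX gateway discovery action sketched to apply the review
-- points above. Assumes Nmap 7 / Lua 5.3 NSE libraries (nmap, stdnse,
-- target). The KNXnet/IP framing, multicast group and service family
-- ids are the example author's understanding, not taken from the thread.
local nmap   = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
local target = require "target"

prerule = function() return true end

local MCAST_IP, MCAST_PORT = "224.0.23.12", 3671   -- assumed KNXnet/IP discovery group

-- Service family ids to names (assumed mapping).
local SERVICE_FAMILIES = {
  [0x02] = "KNXnet/IP Core",           [0x03] = "KNXnet/IP Device Management",
  [0x04] = "KNXnet/IP Tunnelling",     [0x05] = "KNXnet/IP Routing",
  [0x06] = "KNXnet/IP Remote Logging", [0x07] = "KNXnet/IP Remote Configuration",
  [0x08] = "KNXnet/IP Object Server",
}

-- SEARCH_REQUEST: 6-byte header (length, version 0x10, service 0x0201,
-- total length 14) followed by an HPAI (length 8, UDP, our IPv4, our port)
-- telling gateways where to send their SEARCH_RESPONSE.
local function search_request(lhost, lport)
  local a, b, c, d = lhost:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  return string.pack(">BBI2I2BBBBBBI2", 0x06, 0x10, 0x0201, 14,
    0x08, 0x01, tonumber(a), tonumber(b), tonumber(c), tonumber(d), lport)
end

-- Parse a SEARCH_RESPONSE into the structured form of review point 1:
-- named keys in a stdnse.output_table() instead of "label: value" strings.
local function parse_search_response(data)
  if #data < 14 then return nil end
  local hlen, ver, svc, total = string.unpack(">BBI2I2", data)
  if hlen ~= 6 or ver ~= 0x10 or svc ~= 0x0202 or total > #data then return nil end
  local hpai_len, _, _, _, _, _, port = string.unpack(">BBBBBBI2", data, 7)
  local out = stdnse.output_table()
  out["Port"] = port
  local pos = 7 + hpai_len
  -- Walk the DIBs; each starts with (structure length, description type).
  while pos + 1 <= total do
    local dlen, dtype = string.unpack(">BB", data, pos)
    if dlen < 2 then break end
    if dtype == 0x01 and dlen >= 54 then        -- DEVICE_INFO
      local knx = string.unpack(">I2", data, pos + 4)
      out["KNX address"] = string.format("%d.%d.%d", knx >> 12, (knx >> 8) & 0xf, knx & 0xff)
      out["Device MAC address"] = stdnse.tohex(data:sub(pos + 18, pos + 23)):upper()
      out["Device friendly name"] = (data:sub(pos + 24, pos + 53):gsub("\0.*$", ""))
    elseif dtype == 0x02 then                   -- SUPP_SVC_FAMILIES
      local families = {}
      for i = pos + 2, pos + dlen - 1, 2 do     -- (family id, version) pairs
        local fid = data:byte(i)
        families[#families + 1] = SERVICE_FAMILIES[fid] or string.format("Unknown (0x%02x)", fid)
      end
      out["Supported Services"] = families
    end
    pos = pos + dlen
  end
  return out
end

action = function()
  local timeout = (tonumber(stdnse.get_script_args("knx-gateway-discover.timeout")) or 3) * 1000
  -- Review point 4: connect() lets the OS pick a free local port; read it
  -- back with get_info() instead of hardcoding one.
  local sock = nmap.new_socket("udp")
  sock:set_timeout(timeout)
  local status, err = sock:connect(MCAST_IP, MCAST_PORT, "udp")
  if not status then return stdnse.format_output(false, err) end
  local _, lhost, lport = sock:get_info()
  sock:send(search_request(lhost, lport))
  sock:close()
  -- A connected UDP socket only hears its peer, so listen for the unicast
  -- replies on a fresh socket bound to the same local port.
  local recv = nmap.new_socket("udp")
  recv:set_timeout(timeout)
  recv:bind(nil, lport)
  local results = stdnse.output_table()
  while true do
    local ok, data = recv:receive()
    if not ok then break end                   -- timeout: no more replies
    local _, _, _, rhost = recv:get_info()
    local info = parse_search_response(data)
    if info then
      results[rhost] = info
      -- Review point 3: feed discovered gateways back into the scan.
      if target.ALLOW_NEW_TARGETS then target.add(rhost) end
    end
  end
  recv:close()
  return next(results) and results or nil
end
```

Because the result is a stdnse.output_table() keyed by gateway IP, NSE renders it in the nested form shown in point 2 without any "Status" line, and the same table is what --script-output-format XML consumers get as structured elements. target.add() only takes effect when the user runs with --script-args newtargets, which is why the ALLOW_NEW_TARGETS check guards it.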
