Nmap Development mailing list archives

Re: nmap scanning of IPv6 hosts

From: Craig Miller <cvmiller () gmail com>
Date: Thu, 31 Dec 2015 11:24:52 -0800



On 15-12-31 09:22 AM, David Fifield wrote:

On Thu, Dec 31, 2015 at 08:23:49AM -0800, Craig Miller wrote:


On 15-12-30 11:07 AM, David Fifield wrote:

On Wed, Dec 30, 2015 at 08:55:59AM -0800, Craig Miller wrote:

It would be nice if nmap supported the MLD/ff02::1 approach natively, as the
brute force method is not really practical for IPv6. I am hoping to start a
discussion in order to further improve nmap.

If you use the newtargets script argument, the discovered addresses will
be added to the target list and scanned.

nmap -6 -F -v --script-args newtargets --script targets-ipv6-multicast-mld

Thanks David,

I will work through getting the targets-ipv6-multicast-mld script running.
Perhaps there is a ubuntu/debian package which the casual user of nmap can
use to install the script.

But the reason I was requesting that IPv6 scanning using the ff02::1 method
be integrated natively in nmap is to make it available for the casual user
of nmap. I have used nmap and found it quite useful for over 13 years, and
never ran a nse script. I suspect there is a large community of nmap users
who are like me.

Having native support within nmap would reach a much larger audience.

Maybe I don't understand you. The scripts *are* part of Nmap. They are
included in the Ubuntu/Debian packages. You don't have to install
anything separately. Just try running the example command line I showed.

There are other IPv6 discovery scripts you might want to try.
nmap --script-help 'targets-ipv6-*'
https://nmap.org/nsedoc/scripts/targets-ipv6-map4to6.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-echo.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-invalid-dst.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-slaac.html
https://nmap.org/nsedoc/scripts/targets-ipv6-wordlist.html

A ton of Nmap functionality is implemented through the scripting engine
these days. If you've even run -sV, you've run a script.


Thanks again, David.

You are right, of course, the scripts are in /usr/share/nmap/scripts/

But I am still having trouble, the mld script detects no hosts:

cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script targets-ipv6-multicast-slaac.nse

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds
cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script targets-ipv6-multicast-slaac.nse --script-args newtargets

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.06 seconds
cvmiller@hau:/usr/share/nmap/scripts$
cvmiller@hau:/usr/share/nmap/scripts$
cvmiller@hau:/usr/share/nmap/scripts$
cvmiller@hau:/usr/share/nmap/scripts$ sudo nmap -6 --script=targets-ipv6-multicast-mld.nse --script-args 
'newtargets,interface=eth0'

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:18 PST
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds

The second run is right off example in:

https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html

I have 11 IPv6 hosts on my network, not sure why it isn't findingsomething. Is there a debug flag to help understand where it is going wrong?


TIA,

Craig...



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

nmap scanning of IPv6 hosts Craig Miller (Dec 30)
- Re: nmap scanning of IPv6 hosts David Fifield (Dec 30)
  - Re: nmap scanning of IPv6 hosts Craig Miller (Dec 31)
    - Re: nmap scanning of IPv6 hosts David Fifield (Dec 31)
    - Re: nmap scanning of IPv6 hosts Craig Miller (Dec 31)
    - Re: nmap scanning of IPv6 hosts Daniel Miller (Dec 31)