Nmap Development mailing list archives
Re: nmap scanning of IPv6 hosts
From: Craig Miller <cvmiller () gmail com>
Date: Thu, 31 Dec 2015 11:24:52 -0800
On 15-12-31 09:22 AM, David Fifield wrote:
On Thu, Dec 31, 2015 at 08:23:49AM -0800, Craig Miller wrote:On 15-12-30 11:07 AM, David Fifield wrote:On Wed, Dec 30, 2015 at 08:55:59AM -0800, Craig Miller wrote:It would be nice if nmap supported the MLD/ff02::1 approach natively, as the brute force method is not really practical for IPv6. I am hoping to start a discussion in order to further improve nmap.If you use the newtargets script argument, the discovered addresses will be added to the target list and scanned. nmap -6 -F -v --script-args newtargets --script targets-ipv6-multicast-mldThanks David, I will work through getting the targets-ipv6-multicast-mld script running. Perhaps there is a ubuntu/debian package which the casual user of nmap can use to install the script. But the reason I was requesting that IPv6 scanning using the ff02::1 method be integrated natively in nmap is to make it available for the casual user of nmap. I have used nmap and found it quite useful for over 13 years, and never ran a nse script. I suspect there is a large community of nmap users who are like me. Having native support within nmap would reach a much larger audience.Maybe I don't understand you. The scripts *are* part of Nmap. They are included in the Ubuntu/Debian packages. You don't have to install anything separately. Just try running the example command line I showed. There are other IPv6 discovery scripts you might want to try. nmap --script-help 'targets-ipv6-*' https://nmap.org/nsedoc/scripts/targets-ipv6-map4to6.html https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-echo.html https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-invalid-dst.html https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-slaac.html https://nmap.org/nsedoc/scripts/targets-ipv6-wordlist.html A ton of Nmap functionality is implemented through the scripting engine these days. If you've even run -sV, you've run a script.
Thanks again, David. You are right, of course, the scripts are in /usr/share/nmap/scripts/ But I am still having trouble, the mld script detects no hosts: cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script targets-ipv6-multicast-slaac.nse Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST NSE: Loaded 1 scripts for scanning. NSE: Script Pre-scanning. NSE: Starting runlevel 1 (of 1) scan. NSE: Script Post-scanning. NSE: Starting runlevel 1 (of 1) scan. Read data files from: /usr/bin/../share/nmap WARNING: No targets were specified, so 0 hosts scanned. Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script targets-ipv6-multicast-slaac.nse --script-args newtargets Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST NSE: Loaded 1 scripts for scanning. NSE: Script Pre-scanning. NSE: Starting runlevel 1 (of 1) scan. NSE: Script Post-scanning. NSE: Starting runlevel 1 (of 1) scan. Read data files from: /usr/bin/../share/nmap WARNING: No targets were specified, so 0 hosts scanned. Nmap done: 0 IP addresses (0 hosts up) scanned in 0.06 seconds cvmiller@hau:/usr/share/nmap/scripts$ cvmiller@hau:/usr/share/nmap/scripts$ cvmiller@hau:/usr/share/nmap/scripts$ cvmiller@hau:/usr/share/nmap/scripts$ sudo nmap -6 --script=targets-ipv6-multicast-mld.nse --script-args 'newtargets,interface=eth0' Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:18 PST WARNING: No targets were specified, so 0 hosts scanned. Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds The second run is right off example in: https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.htmlI have 11 IPv6 hosts on my network, not sure why it isn't finding something. Is there a debug flag to help understand where it is going wrong?
TIA, Craig... _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap scanning of IPv6 hosts Craig Miller (Dec 30)
- Re: nmap scanning of IPv6 hosts David Fifield (Dec 30)
- Re: nmap scanning of IPv6 hosts Craig Miller (Dec 31)
- Re: nmap scanning of IPv6 hosts David Fifield (Dec 31)
- Re: nmap scanning of IPv6 hosts Craig Miller (Dec 31)
- Re: nmap scanning of IPv6 hosts Daniel Miller (Dec 31)
- Re: nmap scanning of IPv6 hosts Craig Miller (Dec 31)
- Re: nmap scanning of IPv6 hosts David Fifield (Dec 30)