Re: nmap scanning of IPv6 hosts

[Craig Miller <cvmiller () gmail com>]

Thanks Daniel,

I gave the new MLD script a try, and there is something not right.

cvmiller@hau:/usr/share/nmap/scripts$ time sudo nmap -6 -F -v --script-args newtargets --script 
targets-ipv6-multicast-mld

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 17:26 PST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:26
NSE Timing: About 50.00% done; ETC: 17:27 (0:00:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:28 (0:01:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:29 (0:01:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:30 (0:02:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:31 (0:02:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:32 (0:03:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:33 (0:03:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:34 (0:04:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:35 (0:04:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:36 (0:05:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:37 (0:05:34 remaining)
NSE Timing: About 50.00% done; ETC: 17:38 (0:06:10 remaining)
NSE Timing: About 50.00% done; ETC: 17:40 (0:06:49 remaining)
NSE Timing: About 50.00% done; ETC: 17:41 (0:07:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:43 (0:08:19 remaining)
NSE Timing: About 50.00% done; ETC: 17:44 (0:09:10 remaining)
NSE Timing: About 50.00% done; ETC: 17:46 (0:10:07 remaining)
NSE Timing: About 50.00% done; ETC: 17:48 (0:11:10 remaining)
NSE Timing: About 50.00% done; ETC: 17:51 (0:12:19 remaining)
NSE Timing: About 50.00% done; ETC: 17:53 (0:13:34 remaining)
NSE Timing: About 50.00% done; ETC: 17:56 (0:14:58 remaining)
NSE Timing: About 50.00% done; ETC: 17:59 (0:16:28 remaining)
^C
real    16m43.579s
user    16m23.644s
sys     0m19.004s

Something is happening which appears to be tripping up the script (Or I 
am not starting it correctly). Is there a flag I can use to get more 
debug information?

thanks,

Craig...


On 15-12-31 12:26 PM, Daniel Miller wrote:
> Craig,
>
> I see you are using Nmap 6.40, released in July 2013. IPv6 support was 
> one of the biggest areas of improvement in the recent Nmap 7.00 
> release, so I would encourage you to upgrade.
>
> Regarding the MLD script specifically, we just fixed a bug and 
> improved detection [1], but the fix has not yet been released. You can 
> get it by downloading the script from the NSEdoc page [2] as well as 
> the multicast.lua library [3].
>
> Dan
>
> [1] http://seclists.org/nmap-dev/2015/q4/258
> [2] https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
> [3] https://nmap.org/nsedoc/lib/multicast.html
>
> On Dec 31, 2015 1:24 PM, "Craig Miller" <cvmiller () gmail com 
> <mailto:cvmiller () gmail com>> wrote:
>
>
>
>     On 15-12-31 09:22 AM, David Fifield wrote:
>
>         On Thu, Dec 31, 2015 at 08:23:49AM -0800, Craig Miller wrote:
>
>
>             On 15-12-30 11:07 AM, David Fifield wrote:
>
>                 On Wed, Dec 30, 2015 at 08:55:59AM -0800, Craig Miller
>                 wrote:
>
>                     It would be nice if nmap supported the MLD/ff02::1
>                     approach natively, as the
>                     brute force method is not really practical for
>                     IPv6. I am hoping to start a
>                     discussion in order to further improve nmap.
>
>                 If you use the newtargets script argument, the
>                 discovered addresses will
>                 be added to the target list and scanned.
>
>                 nmap -6 -F -v --script-args newtargets --script
>                 targets-ipv6-multicast-mld
>
>             Thanks David,
>
>             I will work through getting the targets-ipv6-multicast-mld
>             script running.
>             Perhaps there is a ubuntu/debian package which the casual
>             user of nmap can
>             use to install the script.
>
>             But the reason I was requesting that IPv6 scanning using
>             the ff02::1 method
>             be integrated natively in nmap is to make it available for
>             the casual user
>             of nmap. I have used nmap and found it quite useful for
>             over 13 years, and
>             never ran a nse script. I suspect there is a large
>             community of nmap users
>             who are like me.
>
>             Having native support within nmap would reach a much
>             larger audience.
>
>         Maybe I don't understand you. The scripts *are* part of Nmap.
>         They are
>         included in the Ubuntu/Debian packages. You don't have to install
>         anything separately. Just try running the example command line
>         I showed.
>
>         There are other IPv6 discovery scripts you might want to try.
>         nmap --script-help 'targets-ipv6-*'
>         https://nmap.org/nsedoc/scripts/targets-ipv6-map4to6.html
>         https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-echo.html
>         https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-invalid-dst.html
>         https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
>         https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-slaac.html
>         https://nmap.org/nsedoc/scripts/targets-ipv6-wordlist.html
>
>         A ton of Nmap functionality is implemented through the
>         scripting engine
>         these days. If you've even run -sV, you've run a script.
>
>
>     Thanks again, David.
>
>     You are right, of course, the scripts are in /usr/share/nmap/scripts/
>
>     But I am still having trouble, the mld script detects no hosts:
>
>     cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script
>     targets-ipv6-multicast-slaac.nse
>
>     Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST
>     NSE: Loaded 1 scripts for scanning.
>     NSE: Script Pre-scanning.
>     NSE: Starting runlevel 1 (of 1) scan.
>     NSE: Script Post-scanning.
>     NSE: Starting runlevel 1 (of 1) scan.
>     Read data files from: /usr/bin/../share/nmap
>     WARNING: No targets were specified, so 0 hosts scanned.
>     Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds
>     cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script
>     targets-ipv6-multicast-slaac.nse --script-args newtargets
>
>     Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST
>     NSE: Loaded 1 scripts for scanning.
>     NSE: Script Pre-scanning.
>     NSE: Starting runlevel 1 (of 1) scan.
>     NSE: Script Post-scanning.
>     NSE: Starting runlevel 1 (of 1) scan.
>     Read data files from: /usr/bin/../share/nmap
>     WARNING: No targets were specified, so 0 hosts scanned.
>     Nmap done: 0 IP addresses (0 hosts up) scanned in 0.06 seconds
>     cvmiller@hau:/usr/share/nmap/scripts$
>     cvmiller@hau:/usr/share/nmap/scripts$
>     cvmiller@hau:/usr/share/nmap/scripts$
>     cvmiller@hau:/usr/share/nmap/scripts$ sudo nmap -6
>     --script=targets-ipv6-multicast-mld.nse --script-args
>     'newtargets,interface=eth0'
>
>     Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:18 PST
>     WARNING: No targets were specified, so 0 hosts scanned.
>     Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds
>
>     The second run is right off example in:
>
>     https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
>
>
>     I have 11 IPv6 hosts on my network, not sure why it isn't finding
>     something. Is there a debug flag to help understand where it is
>     going wrong?
>
>     TIA,
>
>     Craig...
>
>
>
>     _______________________________________________
>     Sent through the dev mailing list
>     https://nmap.org/mailman/listinfo/dev
>     Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/