Nmap Development mailing list archives

Re: nmap scanning of IPv6 hosts


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 4 Jan 2016 13:25:37 -0600

Craig,

I'm not sure what could be causing the delay. You can use -d to increase
debugging output level, and at -d2 and higher, you will get a Lua stack
trace of all running threads when you press any key during execution. That
output would be helpful to diagnose the problem. Unfortunately, running
Nmap 6.40 under "sudo" makes this interaction impossible. We fixed that bug
in 6.49BETA1. I would still encourage you to upgrade Nmap itself, not just
the script.

Dan

On Mon, Jan 4, 2016 at 11:19 AM, Craig Miller <cvmiller () gmail com> wrote:

Thanks Daniel,

I gave the new MLD script a try, and there is something not right.

cvmiller@hau:/usr/share/nmap/scripts$ time sudo nmap -6 -F -v --script-args newtargets --script targets-ipv6-multicast-mld

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 17:26 PST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:26
NSE Timing: About 50.00% done; ETC: 17:27 (0:00:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:28 (0:01:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:29 (0:01:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:30 (0:02:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:31 (0:02:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:32 (0:03:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:33 (0:03:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:34 (0:04:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:35 (0:04:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:36 (0:05:01 remaining)
NSE Timing: About 50.00% done; ETC: 17:37 (0:05:34 remaining)
NSE Timing: About 50.00% done; ETC: 17:38 (0:06:10 remaining)
NSE Timing: About 50.00% done; ETC: 17:40 (0:06:49 remaining)
NSE Timing: About 50.00% done; ETC: 17:41 (0:07:31 remaining)
NSE Timing: About 50.00% done; ETC: 17:43 (0:08:19 remaining)
NSE Timing: About 50.00% done; ETC: 17:44 (0:09:10 remaining)
NSE Timing: About 50.00% done; ETC: 17:46 (0:10:07 remaining)
NSE Timing: About 50.00% done; ETC: 17:48 (0:11:10 remaining)
NSE Timing: About 50.00% done; ETC: 17:51 (0:12:19 remaining)
NSE Timing: About 50.00% done; ETC: 17:53 (0:13:34 remaining)
NSE Timing: About 50.00% done; ETC: 17:56 (0:14:58 remaining)
NSE Timing: About 50.00% done; ETC: 17:59 (0:16:28 remaining)
^C
real  16m43.579s
user  16m23.644s
sys   0m19.004s


Something is happening which appears to be tripping up the script (Or I am
not starting it correctly). Is there a flag I can use to get more debug
information?

thanks,

Craig...



On 15-12-31 12:26 PM, Daniel Miller wrote:

Craig,

I see you are using Nmap 6.40, released in July 2013. IPv6 support was one
of the biggest areas of improvement in the recent Nmap 7.00 release, so I
would encourage you to upgrade.

Regarding the MLD script specifically, we just fixed a bug and improved
detection [1], but the fix has not yet been released. You can get it by
downloading the script from the NSEdoc page [2] as well as the
multicast.lua library [3].

Dan

[1] http://seclists.org/nmap-dev/2015/q4/258
[2] https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
[3] https://nmap.org/nsedoc/lib/multicast.html
On Dec 31, 2015 1:24 PM, "Craig Miller" <cvmiller () gmail com> wrote:



On 15-12-31 09:22 AM, David Fifield wrote:

On Thu, Dec 31, 2015 at 08:23:49AM -0800, Craig Miller wrote:


On 15-12-30 11:07 AM, David Fifield wrote:

On Wed, Dec 30, 2015 at 08:55:59AM -0800, Craig Miller wrote:

It would be nice if nmap supported the MLD/ff02::1 approach natively, as the
brute force method is not really practical for IPv6. I am hoping to start a
discussion in order to further improve nmap.

If you use the newtargets script argument, the discovered addresses will
be added to the target list and scanned.

nmap -6 -F -v --script-args newtargets --script targets-ipv6-multicast-mld

Thanks David,

I will work through getting the targets-ipv6-multicast-mld script running.
Perhaps there is a ubuntu/debian package which the casual user of nmap can
use to install the script.

But the reason I was requesting that IPv6 scanning using the ff02::1 method
be integrated natively in nmap is to make it available for the casual user
of nmap. I have used nmap and found it quite useful for over 13 years, and
never ran a nse script. I suspect there is a large community of nmap users
who are like me.

Having native support within nmap would reach a much larger audience.

Maybe I don't understand you. The scripts *are* part of Nmap. They are
included in the Ubuntu/Debian packages. You don't have to install
anything separately. Just try running the example command line I showed.

There are other IPv6 discovery scripts you might want to try.
nmap --script-help 'targets-ipv6-*'
https://nmap.org/nsedoc/scripts/targets-ipv6-map4to6.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-echo.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-invalid-dst.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-slaac.html
https://nmap.org/nsedoc/scripts/targets-ipv6-wordlist.html

A ton of Nmap functionality is implemented through the scripting engine
these days. If you've even run -sV, you've run a script.


Thanks again, David.

You are right, of course, the scripts are in /usr/share/nmap/scripts/

But I am still having trouble, the mld script detects no hosts:

cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script targets-ipv6-multicast-slaac.nse

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds
cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script targets-ipv6-multicast-slaac.nse --script-args newtargets

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.06 seconds
cvmiller@hau:/usr/share/nmap/scripts$
cvmiller@hau:/usr/share/nmap/scripts$
cvmiller@hau:/usr/share/nmap/scripts$
cvmiller@hau:/usr/share/nmap/scripts$ sudo nmap -6 --script=targets-ipv6-multicast-mld.nse --script-args 'newtargets,interface=eth0'

Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:18 PST
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds

The second run is right off example in:

https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html


I have 11 IPv6 hosts on my network, not sure why it isn't finding
something. Is there a debug flag to help understand where it is going wrong?

TIA,

Craig...



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


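The discovery approach discussed in this thread relies on Multicast Listener Discovery: a general MLD query sent to the all-nodes address ff02::1 makes every IPv6 node on the link report the multicast groups it has joined, and the link-local source of each report is a host that can then be added as a target (the "newtargets" argument). The following is an added example, written for this archive page and not code from the Nmap project or from any of the participants: a Python 3 parser and builder for the ICMPv6 MLD messages involved (MLDv1 query/report per RFC 2710, MLDv2 report per RFC 3810), including the RFC 4443 pseudo-header checksum, run over a small capture constructed inline. The addresses, the group memberships and the corrupted frame are all constructed sample data; the function and variable names are this example's own.

```python
"""Parse and build ICMPv6 MLD messages and recover the hosts that answered a
general query. Added example, not Nmap's targets-ipv6-multicast-mld script."""
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58
MLD_QUERY = 130          # RFC 2710 / RFC 3810 (query type shared by v1 and v2)
MLDV1_REPORT = 131
MLDV1_DONE = 132
MLDV2_REPORT = 143       # RFC 3810
ALL_NODES = ipaddress.IPv6Address("ff02::1")
ALL_MLDV2_ROUTERS = ipaddress.IPv6Address("ff02::16")


def icmpv6_checksum(src, dst, msg):
    """RFC 4443 section 2.3: one's complement sum over the IPv6 pseudo-header
    (src, dst, upper-layer length, next header) plus the ICMPv6 message.
    `msg` must carry a zeroed checksum field."""
    pseudo = (src.packed + dst.packed + struct.pack("!I", len(msg))
              + b"\x00\x00\x00" + bytes([ICMPV6_NEXT_HEADER]))
    data = pseudo + msg
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _finish(src, dst, msg):
    """Fill the checksum field (bytes 2..3) of an ICMPv6 message."""
    chk = icmpv6_checksum(src, dst, msg[:2] + b"\x00\x00" + msg[4:])
    return msg[:2] + struct.pack("!H", chk) + msg[4:]


def build_mldv1_general_query(src, max_resp_delay_ms=10000):
    """MLDv1 general query to ff02::1; the group field is :: (RFC 2710 3.6)."""
    msg = struct.pack("!BBHHH", MLD_QUERY, 0, 0, max_resp_delay_ms, 0) + bytes(16)
    return _finish(src, ALL_NODES, msg)


def build_mldv2_report(src, groups, record_type=2):
    """MLDv2 report (RFC 3810 5.2) to ff02::16 with one MODE_IS_EXCLUDE record
    per group and an empty source list, as a host reports plain membership."""
    records = b"".join(struct.pack("!BBH", record_type, 0, 0) + g.packed for g in groups)
    msg = struct.pack("!BBHHH", MLDV2_REPORT, 0, 0, 0, len(groups)) + records
    return _finish(src, ALL_MLDV2_ROUTERS, msg)


def parse_mld(src, dst, msg):
    """Verify the checksum and return the MLD type plus the groups it names.
    Raises ValueError for truncated, corrupted or non-MLD messages."""
    if len(msg) < 8:
        raise ValueError("truncated ICMPv6 header")
    typ, _code, chk = struct.unpack("!BBH", msg[:4])
    if icmpv6_checksum(src, dst, msg[:2] + b"\x00\x00" + msg[4:]) != chk:
        raise ValueError("bad ICMPv6 checksum")
    if typ in (MLD_QUERY, MLDV1_REPORT, MLDV1_DONE):
        if len(msg) < 24:
            raise ValueError("truncated MLDv1 message")
        max_delay = struct.unpack("!H", msg[4:6])[0]
        group = ipaddress.IPv6Address(msg[8:24])
        return {"type": typ, "src": src, "groups": [group], "max_resp_delay": max_delay}
    if typ == MLDV2_REPORT:
        nrecs = struct.unpack("!H", msg[6:8])[0]
        groups, off = [], 8
        for _ in range(nrecs):
            if len(msg) < off + 20:
                raise ValueError("truncated MLDv2 record")
            _rtype, auxlen, nsrc = struct.unpack("!BBH", msg[off:off + 4])
            groups.append(ipaddress.IPv6Address(msg[off + 4:off + 20]))
            off += 20 + 16 * nsrc + 4 * auxlen   # skip source list and aux data
        return {"type": typ, "src": src, "groups": groups}
    raise ValueError("ICMPv6 type %d is not an MLD message" % typ)


def hosts_from_reports(frames):
    """From (src, dst, icmpv6_bytes) tuples seen on the link, return the set of
    sources that sent a valid MLD report: these are the addresses a discovery
    script would add as new targets. Malformed frames are skipped, not trusted."""
    found = set()
    for src, dst, msg in frames:
        try:
            parsed = parse_mld(src, dst, msg)
        except ValueError:
            continue
        if parsed["type"] in (MLDV1_REPORT, MLDV2_REPORT):
            found.add(src)
    return found


def constructed_capture():
    """Constructed sample: the scanner's query, two hosts answering, and one
    frame with a flipped byte that must fail the checksum."""
    scanner = ipaddress.IPv6Address("fe80::1")
    h1 = ipaddress.IPv6Address("fe80::211:22ff:fe33:4455")
    h2 = ipaddress.IPv6Address("fe80::aabb:ccff:fedd:eeff")
    h3 = ipaddress.IPv6Address("fe80::5")
    solicited = ipaddress.IPv6Address("ff02::1:ff33:4455")   # h1's solicited-node group
    mdns = ipaddress.IPv6Address("ff02::fb")
    frames = [
        (scanner, ALL_NODES, build_mldv1_general_query(scanner)),
        (h1, ALL_MLDV2_ROUTERS, build_mldv2_report(h1, [solicited, mdns])),
        (h2, ALL_MLDV2_ROUTERS, build_mldv2_report(h2, [mdns])),
    ]
    bad = bytearray(build_mldv2_report(h3, [mdns]))
    bad[-1] ^= 0xFF
    frames.append((h3, ALL_MLDV2_ROUTERS, bytes(bad)))
    return frames


if __name__ == "__main__":
    for host in sorted(hosts_from_reports(constructed_capture())):
        print("discovered", host)
```

Run as-is, the block lists the two hosts whose reports verified; the corrupted frame from fe80::5 is dropped by the checksum check rather than turned into a target, which is the behaviour to want from anything that feeds unauthenticated link-local traffic into a target list.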