Nmap Development: [NSE Script] Tor Node Checker

From: Kris Katterjohn <katterjohn_at_gmail.com>
Date: Wed, 10 Oct 2007 15:37:05 -0500

Hi everyone!

Hopefully I didn't get you excited and in hopes of a really awesome tor
node script, but if I did then I hope you'll be happy with this :)

I've used tor quite a bit, but I mainly don't since it's so slow. I
decided I would, however, like a tor node checking script.

But as we all know here on nmap-dev, I'm not perfect :) Hopefully this
will be a good starting ground for others to make a really great script
for this.

There are tor service matches in Service Detection, so that makes this
script easy when it's employed and matched. However, I wanted to add
other tests for systems that are *probably* nodes. This is what this
script needs to be really great, since I doubt I've covered enough.

Tor nodes on "tor network status" sites have a lot of ports 9001 and
9030 that are open, but don't match "tor" or "tor-info" (they tend to
just be left "unknown"). So I check if they're both open and say it
looks like one if so. Should I check for "unknown" for both of these?

These (and others) should be good when version detection isn't run.

I hope you guys like the idea of this script and would like to make it
cooler. Please let me know what you think! :)

Thanks,
Kris Katterjohn

-- Look at the target system and determine (guess) if it's a Tor node

-- 10/10/2007

id = "Tor Node"

description = "Check if the target is a Tor node"

author = "Kris Katterjohn <katterjohn_at_gmail.com>"

license = "Look at Nmap's COPYING"

categories = {"discovery"}

-- If port 9001 is "tor", 9030 is "tor-info" and/or both ports are open
hostrule = function(host, port)
        local p9001 = nmap.get_port_state(host, {number=9001, protocol="tcp"})
        local p9030 = nmap.get_port_state(host, {number=9030, protocol="tcp"})

        if p9030 ~= nil and p9030.state == "open" then
                if p9030.service == "tor-info" then
                        return true
                elseif p9001 ~= nil and p9001.state == "open" then
                        return true
                end
        elseif p9001 ~= nil and p9001.state == "open" and p9001.service == "tor" then
                return true
        end
end

action = function(host, port)
        return "Looks like a Tor node"
end

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Oct 10 2007
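
The following is an added example, not part of the original post or of Nmap. It applies the same rule as the hostrule above to saved `nmap -oX` output and goes one step further by reporting whether a host matched on a service name or only on the two open ports. The function names and the sample hosts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output (addresses are documentation ranges).
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="9001"><state state="open"/><service name="tor" method="probed"/></port>
<port protocol="tcp" portid="9030"><state state="closed"/></port>
</ports></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="9001"><state state="open"/><service name="http" method="probed"/></port>
<port protocol="tcp" portid="9030"><state state="open"/></port>
</ports></host>
<host><address addr="192.0.2.30" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="9001"><state state="open"/></port>
<port protocol="tcp" portid="9030"><state state="filtered"/></port>
</ports></host>
</nmaprun>"""

def port_info(host, number):
    """Return (state, service name) for a TCP port, or (None, None) if absent."""
    for p in host.iter("port"):
        if p.get("protocol") == "tcp" and p.get("portid") == str(number):
            state = p.find("state")
            svc = p.find("service")
            return (state.get("state") if state is not None else None,
                    svc.get("name") if svc is not None else None)
    return (None, None)

def classify(host):
    """Same decision as the hostrule, but say which part of the rule fired."""
    s9001, n9001 = port_info(host, 9001)
    s9030, n9030 = port_info(host, 9030)
    if (s9030 == "open" and n9030 == "tor-info") or (s9001 == "open" and n9001 == "tor"):
        return "service-match"
    if s9001 == "open" and s9030 == "open":
        # Both ports open with no tor/tor-info name: the "probably a node" guess.
        # This fires even when 9001 was identified as some other service.
        return "ports-only"
    return None

def scan_report(xml_text):
    """Map each matching host address to its classification."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        verdict = classify(host)
        if verdict:
            result[host.find("address").get("addr")] = verdict
    return result
```

Calling `scan_report(SAMPLE_XML)` lists the first host as a service match and the second as a ports-only guess, even though service detection named its port 9001 as `http`.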