Nmap Development mailing list archives

[NSE] network interfaces
From: Djalal Harouni <tixxdz () opendz org>
Date: Thu, 27 Jan 2011 20:02:18 +0100

Hi list,

Trying to close an old thread: http://seclists.org/nmap-dev/2010/q3/739

The patch 'nse_get_interface.diff' introduces two new functions.
The first one:
nmap.get_interface() to get the interface that Nmap is using; this can
be the interface that was specified with the '-e' option or the
interface attached to the address specified with the '-S' option.
This function is for the prerule scripts.

The second function:
nmap.get_interface_info() to get the interface information.
After some reflection, I think that we should return only the
information of the interface specified as an argument; since most
scripts will be interested in one interface, there is no need to return
a list of the available interfaces. Script writers can get the
appropriate interface name from:
* prerule mode: the above mentioned nmap.get_interface()
* hostrule, portrule modes: host.interface of the host table.
This function should replace 'nmap.get_interface_link()', used only by
the sniffer-detect.nse script.

I must also point out that in NSE the host.interface field will be set
only if we are doing a raw scan, which is the default if we have the
appropriate privileges.
(A raw scan is a scan with raw sockets, ethernet or pcap stuff.)

Speaking about the 'host.interface' field, can someone tell us why it has
the value of devname instead of devfullname?


A script 'get_interface.nse' is attached to show how we can use these
new functions.


The final patch is a simple one for libnetutil and Nping. I've found
that some functions assume that the 'devname' and 'devfullname' fields
of the 'interface_info' struct (file: libnetutil/netutil.h, line 224)
are 16 bytes in length, and others assume that they are 32 bytes in length.
The 'devname' field in the Target.h file of Nmap, line 323, is 32, so this is
a *quick* patch, but perhaps it can break some code in Nping (function:
getinterfaces_inet6_linux() in file: nping/utils_net.cc).



The output of the get_interface.nse test script:
# ./nmap -PN --datadir . --script get_interface.nse -n scanme.nmap.org -e eth0 -p80

Starting Nmap 5.36TEST4 ( http://nmap.org ) at 2011-01-27 20:15 CET
Pre-scan script results:
| get_interface: 
|   interface: eth0
|   link: ethernet 
|   address: 10.0.2.15
|   broadcast: 10.0.2.255
|_  netmask: 24
Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (1.3s latency).
PORT   STATE SERVICE
80/tcp open  http
| get_interface: 
|   interface: eth0
|   link: ethernet 
|   address: 10.0.2.15
|   broadcast: 10.0.2.255
|_  netmask: 24

Nmap done: 1 IP address (1 host up) scanned in 4.21 seconds

-- 
tixxdz

Attachment: nse_get_interface.diff
Attachment: libnetutil_nping_devname_len.diff
Attachment: get_interface.nse
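An added example script, not the attached get_interface.nse, showing how a script would pick the interface name in each rule mode and pass it to the proposed nmap.get_interface_info(). The field names read from its result (link, address, broadcast, netmask) are assumed from the sample output above, and the author string is a placeholder.

```lua
-- Example NSE script (added here; not the attached get_interface.nse).
-- Assumes nmap.get_interface() and nmap.get_interface_info(name) from the
-- proposed patch, and result fields link/address/broadcast/netmask.
description = [[
Reports the interface Nmap is using: via nmap.get_interface() in prerule,
and via host.interface in hostrule/portrule (only set on raw scans).
]]

author = "example author (placeholder)"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- Run in all three modes: once before the scan, then per host and per port.
prerule  = function() return true end
hostrule = function(host) return true end
portrule = function(host, port) return true end

-- Resolve the interface name for the current mode and fetch its details.
local function interface_report(host)
  local name
  if host then
    name = host.interface          -- nil when this is not a raw scan
  else
    name = nmap.get_interface()    -- prerule: -e, or the interface behind -S
  end
  if not name then
    return "no interface information available (not a raw scan?)"
  end

  local info = nmap.get_interface_info(name)
  if not info then
    return ("could not get information for interface %s"):format(name)
  end

  -- Multi-line string; Nmap prefixes each line with "|" in the report.
  return ("\n  interface: %s\n  link: %s\n  address: %s\n  broadcast: %s\n  netmask: %s"):format(
    name,
    tostring(info.link),
    tostring(info.address),
    tostring(info.broadcast),
    tostring(info.netmask))
end

action = function(host, port)
  return interface_report(host)
end
```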

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/