Nmap Development mailing list archives

[NSE] firewalk-path script
From: Henri Doreau <henri.doreau () gmail com>
Date: Mon, 10 Jan 2011 10:23:31 +0100


Please find attached a new firewalking script. It will basically try
to guess at which point of the path to a given target a port is
blocked. To achieve this, it sends probes to filtered ports with low
IP TTLs and waits for ICMP TIME_EXCEEDED messages that would prove
that a probe has reached the emitter.

Starting with a TTL equal to the distance to the target and decreasing
after each timeout, we can stop probing a given port as soon as we get
the first ICMP reply for this port.

As for my previous firewalk script, the --traceroute flag is
mandatory, and the script has to be run with root privileges. Some
options are available but optional.

You can test it quickly using the following command line:

nmap --datadir . --script firewalk-path --traceroute --top-ports 10

I don't know whether it should replace the existing firewalk.nse
script or not. Maybe by adding some option to select a given gateway
on the path?

I hope that you'll find it interesting, feedback welcome!


Henri Doreau,
henri.doreau () gmail com

Attachment: firewalk-path.nse

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
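
An offline model of the TTL walk described in the message above, added here as an illustration; it is not the attached firewalk-path.nse and it sends no packets. The path, the addresses, the function names and the rule that a filtering hop drops a probe before handling its TTL are all assumptions.

```python
# Offline model of the TTL walk; constructed data, no packets are sent.
from typing import Optional

# Constructed path: hop number -> (address, ports that hop silently drops).
# Addresses come from the RFC 5737 documentation ranges.
PATH = {
    1: ("192.0.2.1", set()),
    2: ("192.0.2.254", set()),
    3: ("198.51.100.1", {23, 445}),   # assumed filtering device
    4: ("198.51.100.9", {3389}),
    5: ("203.0.113.10", {8080}),      # the target, with a host firewall
}
DISTANCE = max(PATH)                  # what --traceroute would report


def send_probe(port: int, ttl: int) -> Optional[str]:
    """Return the address answering with ICMP TIME_EXCEEDED, or None on timeout.

    Assumption: a hop applies its filter before TTL handling, so a probe
    reaching a filtering hop is dropped even if it would expire there.
    Only meant for ports already seen as filtered from the scanner.
    """
    for hop in range(1, ttl + 1):
        addr, dropped = PATH[hop]
        if port in dropped:
            return None               # silent drop: the sender sees a timeout
        if hop == ttl:
            return addr               # TTL expired here: TIME_EXCEEDED returns
    return None


def walk(port: int, distance: int) -> dict:
    """Start at TTL == distance, decrease after each timeout, stop at first reply."""
    for ttl in range(distance, 0, -1):
        replier = send_probe(port, ttl)
        if replier is not None:
            return {"port": port, "last_reply_from": replier,
                    "blocked_at_hop": ttl + 1, "probes": distance - ttl + 1}
    # No hop answered at all: the drop happens at the first hop.
    return {"port": port, "last_reply_from": None,
            "blocked_at_hop": 1, "probes": distance}


if __name__ == "__main__":
    for p in (23, 3389, 8080):
        print(walk(p, DISTANCE))
```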
