[NSE] tftp-enum.nse, tftp files enumeration scripts
From: Alexander Rudakov <freekoder () gmail com>
Date: Thu, 26 May 2011 22:24:57 +0400
I would like to introduce my next python utility reimplementation as nmap
Some time ago I tried the tftptheft utility. TFTP Theft is a tool which allows
one to quickly scan/bruteforce a tftp server for files and download them
You can find it at http://code.google.com/p/tftptheft/.
I thought it would be nice to have such functionality as nmap script (except
I extended the search algorithm of tftptheft. Some Cisco administrators store
router config files at tftp.
A Cisco config filename has the pattern router_name-confg. Many administrators
name their routers by network address of router.
The idea is that the tftp server can be on the same network as the Cisco router.
So the tftp-enum script iterates over network addresses and tries to find files
with pattern network_address-confg.
Script usage is simple:
nmap -sU -p 69 --script tftp-enum.nse
By default the script takes filenames to enumerate from the data file
nselib/data/tftplist.txt, but you can specify your own file with names by
The script was tested on nmap 5.51. It does not work on 5.21 and prior versions.
I could find Cisco IP phones by random network scanning, so the script works.
A little about the plans:
1) Code cleanups
2) Bug fixing
3) Adding new filenames to list (based on popular cisco routers names)
4) Try to speed up script (it is too slow now).
I need help in compiling a list of popular default names of Cisco routers
(have some ideas about patterns) and thoughts about script performance
Any other feedback is needed.
With best regards, Alexander Rudakov (insane code monkey).
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
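For operators of a TFTP server, the enumeration described in this message is visible on the wire as one client sending many read requests for distinct names and mostly getting "file not found" back. The following detection sketch is an added example, not part of the original post or of nmap; the event format, thresholds, addresses and filenames are constructed assumptions.

```python
import struct
from collections import defaultdict

OP_RRQ, OP_ERROR, ERR_NOT_FOUND = 1, 5, 1   # TFTP opcodes / error code (RFC 1350)

def parse_tftp(payload: bytes):
    """Return ('rrq', filename, mode), ('error', code, msg), or None for other/malformed packets."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode == OP_RRQ:
        parts = payload[2:].split(b"\x00")   # filename NUL mode NUL [options...]
        if len(parts) < 3 or not parts[0]:
            return None                      # missing terminator or empty filename
        return ("rrq", parts[0].decode("ascii", "replace"),
                parts[1].decode("ascii", "replace").lower())
    if opcode == OP_ERROR:
        (code,) = struct.unpack("!H", payload[2:4])
        return ("error", code, payload[4:].split(b"\x00")[0].decode("ascii", "replace"))
    return None

def detect_enumeration(events, min_names=5, min_miss_ratio=0.8):
    """events: (client_ip, udp_payload) pairs, payload being the client's request or the
    server's reply to that client. Flags clients probing many mostly-absent filenames."""
    names, misses = defaultdict(set), defaultdict(int)
    for client, payload in events:
        pkt = parse_tftp(payload)
        if pkt is None:
            continue
        if pkt[0] == "rrq":
            names[client].add(pkt[1])
        elif pkt[1] == ERR_NOT_FOUND:
            misses[client] += 1
    findings = {}
    for client, requested in names.items():
        if len(requested) >= min_names and misses[client] / len(requested) >= min_miss_ratio:
            findings[client] = {"distinct": len(requested), "not_found": misses[client],
                                "confg": sorted(n for n in requested if n.lower().endswith("-confg"))}
    return findings

def rrq(name, mode="octet"):                 # helpers used only to build the constructed sample
    return struct.pack("!H", OP_RRQ) + name.encode() + b"\x00" + mode.encode() + b"\x00"

def err(code, msg):
    return struct.pack("!HH", OP_ERROR, code) + msg.encode() + b"\x00"

# Constructed traffic: one ordinary client fetching one file, one client walking *-confg names.
SAMPLE = [("192.0.2.10", rrq("phone-firmware.bin")), ("192.0.2.10", struct.pack("!HH", 3, 1) + b"data")]
for host in range(1, 7):
    SAMPLE.append(("192.0.2.50", rrq(f"192.0.2.{host}-confg")))
    if host != 3:                            # one probe succeeds, the rest are "not found"
        SAMPLE.append(("192.0.2.50", err(ERR_NOT_FOUND, "File not found")))

if __name__ == "__main__":
    print(detect_enumeration(SAMPLE))
```
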