Nmap Development mailing list archives

Re: [NSE] tftp-enum.nse, tftp files enumeration scripts
From: Alexander Rudakov <freekoder () gmail com>
Date: Sat, 28 May 2011 00:05:12 +0400

Yep. The code I sent yesterday works but was corrupted (accidental
copy-paste). Sorry.
Corrected version in attachment.

2011/5/26 Alexander Rudakov <freekoder () gmail com>

Hi all.

I would like to introduce my next python utility reimplementation as nmap
Some time ago I tried the tftptheft utility. TFTP Theft is a tool which
allows one to quickly scan/bruteforce a tftp server for files and download
them instantly.
You can find it at http://code.google.com/p/tftptheft/.
I thought it would be nice to have such functionality as an nmap script
(except file downloading).

I extended the search algorithm of tftptheft. Some Cisco administrators store
router config files on tftp.
A Cisco config filename has the pattern router_name-confg. Many administrators
name their routers by the network address of the router.
The idea is that the tftp server can be on the same network as the Cisco
router. So the tftp-enum script iterates over network addresses and tries to find
files with the pattern network_address-confg.

Script usage is simple:

nmap -sU -p 69 --script tftp-enum.nse --script-args="tftp-enum.filelist=customlist.txt" <host>

By default the script takes filenames to enumerate from the data file
nselib/data/tftplist.txt, but you can specify your own file with names via the
tftp-enum.filelist arg.

The script was tested on nmap 5.51. It does not work on 5.21 and prior versions.
I could find Cisco IP phones by random network scanning, so the script works.

A little about the plans:
1) Code cleanups
2) Bug fixing
3) Adding new filenames to the list (based on popular Cisco router names)
4) Try to speed up the script (it is too slow now).

I need help in compiling a list of popular default names of Cisco routers
(I have some ideas about patterns) and thoughts about script performance
(speed) improvements.
Any other feedback is needed.

With best regards, Alexander Rudakov (insane code monkey).

Attachment: tftp-enum.nse

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
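
A defensive counterpart to the enumeration described in the message above, added here as an example and not part of the original post or of tftp-enum.nse: it parses TFTP read requests (RFC 1350, opcode 1) and flags sources that ask for many distinct filenames in a short window, listing any `-confg` names they requested. The event tuple format, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

RRQ = 1  # TFTP read-request opcode (RFC 1350)

def parse_rrq(payload: bytes):
    """Return the filename requested by a TFTP RRQ, or None for anything else."""
    if len(payload) < 4 or struct.unpack("!H", payload[:2])[0] != RRQ:
        return None
    # RRQ body is: filename NUL mode NUL [options...]
    parts = payload[2:].split(b"\x00")
    if len(parts) < 3 or not parts[0]:
        return None
    return parts[0].decode("ascii", errors="replace")

def find_enumerators(events, window=60.0, max_names=5):
    """events: time-ordered iterable of (timestamp, src_ip, udp_payload).
    Flags sources that request more than max_names distinct filenames within
    `window` seconds. Returns {src_ip: sorted list of *-confg names requested}."""
    recent = defaultdict(list)  # src_ip -> [(timestamp, filename)]
    flagged = {}
    for ts, src, payload in events:
        name = parse_rrq(payload)
        if name is None:
            continue
        hist = recent[src]
        hist.append((ts, name))
        while hist and ts - hist[0][0] > window:  # expire old requests
            hist.pop(0)
        names = {n for _, n in hist}
        if len(names) > max_names:
            confg = flagged.setdefault(src, set())
            confg.update(n for n in names if n.lower().endswith("-confg"))
    return {src: sorted(v) for src, v in flagged.items()}

def rrq(name: str) -> bytes:
    """Build an RRQ payload (helper for the constructed sample below)."""
    return struct.pack("!H", RRQ) + name.encode("ascii") + b"\x00octet\x00"

# Constructed sample traffic: one source walking address-based config names,
# and one IP phone fetching its own single configuration file.
SAMPLE = [(i * 0.5, "198.51.100.7", rrq(f"192.0.2.{i}-confg")) for i in range(1, 9)]
SAMPLE.append((2.0, "192.0.2.50", rrq("SEP001122334455.cnf.xml")))
SAMPLE.sort(key=lambda e: e[0])

if __name__ == "__main__":
    for src, names in find_enumerators(SAMPLE).items():
        print(src, "requested", len(names), "config-style names:", names)
```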
