Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sun, 27 Nov 2011 23:35:52 +0200

I think the vendor id from vuze-dht-info should be added to the
corresponding version detection field. "product", I think it was
called.

By looking at the code I get the picture that vuze-find-nodes attempts
to extract information about any connected nodes by trying out random
IDs. The bittorrent library does not work like this. Instead it lets
the user provide an ID as a magnet link or torrent file and uses the
ID to query the DHT. So the bittorrent library lacks support for
extracting node information by brute force, where as this script
doesn't support scans on specific IDs. I'll leave it up for discussion
which one we need, or if we should have both. I am a bit worried that
supporting one way for bittorrent dht, and another way for vuze dht
may confuse users.

On Sun, Nov 27, 2011 at 10:12 PM, Patrik Karlsson <patrik () cqure net> wrote:
Hi all,

Here are two more scripts from the secwiki script ideas page:
vuze-dht-info - retrieves a bunch of info (including protocol version) from
a remot vuze node
vuze-find-nodes - queries a remote node for a list of other nodes (ip port)

I'm also attaching the main library used by both scripts and the probe and
match line for nmap-service-probes.
What makes Vuze DHT kind of akward is the fact that there's no default port.
The documentation [1] recommends a (kind of broad) range to use, but I
found loads of nodes that are on not within that range.
Therefore I've found it kind of difficult to create a good portrule for the
scripts and port range for the probe.
I would appreciate some feedback here, berfore I commit.

Thanks,
Patrik

[1] http://wiki.vuze.com/w/Select_port_for_Vuze
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault