Several SNMP script additions
From: Brendan Byrd <sineswiper () gmail com>
Date: Sun, 18 Dec 2011 10:29:17 -0500
Got a bunch of library and script changes. Here's the list of changes:
1. New snmp-routing script: Searches each SNMP active host for new
targets via the routing tables. The idea is that you can point to a single
target and branch out to the entire network. (Some caveats below.)
2. New snmp-system script. This should be a replacement for
snmp-sysdescr. It gives out a bit more information, and acts as a version
script to identify hostnames, OS type, etc. Functions to look through the
sysDescr string should turn into a larger project, as this is a very
valuable set of data for version/OS detection.
3. Changes to snmp-brute: New "scanalways" option, and some code
4. Lots of new functions to ipOps to beef up its CIDR range capabilities.
5. A few new functions to target library, including an exclude list to
prevent duplicate IPs from being added, even down to the IP level for
ranges. (Some caveats below.)
6. Changes to snmp library: Some code refinement, SNMPv2/3 additions,
support for partial table pulls, etc. A getBulkRequest function is
included, but needs some debugging, as it doesn't currently return
anything. (It must be something simple that I'm missing, but I can't quite
figure it out.)
Caveats and discussion points:
1. Everything is in Lua. The target and ipOps libraries should probably
be converted to pure C code, for speed and accessibility to internal data.
2. Target library doesn't have access to Nmap's main target and exclude
lists, so the new "dupe list" is outside of the existing lists. This means
that a new target could still dupe one of the command-specified targets,
but it won't dupe after that. This also means that adding a target to the
exclude list isn't going to remove future targets that were already added
previously. Fixing point #1 would solve all of this.
3. The snmp-routing script is rather slow, depending on the device.
Various routing protocols will send their entire internal routing tables to
every other device, so you may end up with the same copy on many different
devices, thus all of that table ripping takes a while. The new target
library fixes the dupes, but it can't remove interface addresses to keep
the same device from getting queried over and over again.
4. The snmp-brute script needs some better logic to deal with certain
machines. One popular device we deal with will put a temporary (maybe 2-3
minute) block on IPs that are constantly banging it with different
community strings at the same time, or if you're trying to query several
tables all at once. Getting the right community string with these devices
seems to be impossible with snmp-brute. Doing parallel hosts is fine, but
parallel community hits are just going to cause trouble.
5. There is no interface within Lua to put in os.* data. SNMP can
already tell you the uptime, but there's no way to communicate that to Nmap
because of the lack of an interface.
Brendan Byrd/SineSwiper <SineSwiper () GMail com>
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
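An added Python model of the target-library behaviour items 1 and 5 and caveat 2 describe; this is not Brendan's patch or Nmap's code. Routing rows become candidate ranges, a per-address "dupe list" stops an address from being queued twice, and an exclude list only blocks future additions rather than removing hosts already queued. The `TargetList` and `harvest` names and the route rows are assumptions constructed for the example.

```python
import ipaddress

# Constructed sample rows shaped like ipRouteTable entries
# (ipRouteDest, ipRouteMask, ipRouteNextHop); the values are made up.
SAMPLE_ROUTES = [
    ("10.1.0.0", "255.255.255.0", "10.0.0.1"),
    ("10.1.0.0", "255.255.255.0", "10.0.0.2"),  # same prefix, seen on another device
    ("10.2.0.0", "255.255.254.0", "10.0.0.1"),
    ("0.0.0.0", "0.0.0.0", "192.0.2.1"),        # default route: not a target
    ("127.0.0.0", "255.0.0.0", "127.0.0.1"),    # loopback: not a target
]

class TargetList:
    """Hypothetical target pool with a per-address 'dupe list' and an exclude list."""

    def __init__(self):
        self.added = set()     # every address already queued (the "dupe list")
        self.excluded = []     # networks that block *future* additions only

    def exclude(self, cidr):
        # Hosts already in self.added stay queued: mirrors the caveat in the post.
        self.excluded.append(ipaddress.ip_network(cidr, strict=False))

    def add_range(self, cidr):
        """Queue each host of cidr not already known or excluded; return how many."""
        added = 0
        for host in ipaddress.ip_network(cidr, strict=False).hosts():
            if host in self.added or any(host in net for net in self.excluded):
                continue
            self.added.add(host)
            added += 1
        return added

def routes_to_cidrs(rows):
    """Turn (dest, mask, next_hop) rows into CIDR strings, dropping the
    default route and loopback prefixes that are never useful targets."""
    cidrs = []
    for dest, mask, _next_hop in rows:
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if net.prefixlen == 0 or net.is_loopback:
            continue
        cidrs.append(str(net))
    return cidrs

def harvest(rows, excludes=()):
    """Feed each route prefix into a fresh TargetList; return the list and
    the number of new hosts each prefix contributed (0 means it was a dupe)."""
    tl = TargetList()
    for cidr in excludes:
        tl.exclude(cidr)
    return tl, [tl.add_range(c) for c in routes_to_cidrs(rows)]
```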