Nmap Development mailing list archives

Several SNMP script additions
From: Brendan Byrd <sineswiper () gmail com>
Date: Sat, 17 Dec 2011 20:55:23 -0500

Got a bunch of library and script changes.  Here's the list of changes:

   1. New snmp-routing script: Searches each SNMP active host for new
   targets via the routing tables.  The idea is that you can point to a single
   target and branch out to the entire network.  (Some caveats below.)
   2. New snmp-system script.  This should be a replacement for
   snmp-sysdescr.  It gives out a bit more information, and acts as a version
   script to identify hostnames, OS type, etc.  Functions to look through the
   sysDescr string should turn into a larger project, as this is a very
   valuable set of data for version/OS detection.
   3. Changes to snmp-brute: New "scanalways" option, and some code
   4. Lots of new functions to ipOps to beef up its CIDR range capabilities.
   5. A few new functions to target library, including an exclude list to
   prevent duplicate IPs from being added, even down to the IP level for
   ranges.  (Some caveats below.)
   6. Changes to snmp library: Some code refinement, SNMPv2/3 additions,
   support for partial table pulls, etc.  A getBulkRequest function is
   included, but needs some debugging, as it doesn't currently return
   anything.  (It must be something simple that I'm missing, but I can't quite
   figure it out.)

Caveats and discussion points:

   1. Everything is in Lua.  The target and ipOps libraries should probably
   be converted to pure C code, for speed and accessibility to internal data.
   2. Target library doesn't have access to Nmap's main target and exclude
   lists, so the new "dupe list" is outside of the existing lists.  This means
   that a new target could still dupe one of the command-specified targets,
   but it won't dupe after that.  This also means that adding a target to the
   exclude list isn't going to remove future targets that were already added
   previously.  Fixing point #1 would solve all of this.
   3. The snmp-routing script is rather slow, depending on the device.
   Various routing protocols will send their entire internal routing table to
   every other device, so you may end up with the same copy on many different
   devices, thus all of that table ripping takes a while.  The new target
   library fixes the dupes, but it can't remove interface addresses to keep
   the same device from getting queried over and over again.
   4. The snmp-brute script needs some better logic to deal with certain
   machines.  One popular device we deal with will put a temporary (maybe 2-3
   minute) block on IPs that are constantly banging it with different
   community strings at the same time, or if you're trying to query several
   tables all at once.  Getting the right community string with these devices
   seems to be impossible with snmp-brute.  Doing parallel hosts is fine, but
   parallel community hits is just going to cause trouble.
   5. There is no interface within Lua to put in os.* data.  SNMP can
   already tell you the uptime, but there's no way to communicate that to Nmap
   because of the lack of an interface.

Brendan Byrd/SineSwiper <SineSwiper () GMail com>

Attachment: scripts.zip

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
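The GetBulkRequest from item 6 of the post, as an added example that is not the poster's code and not the NSE snmp library; it is written in Python rather than the Lua the library uses. It builds an SNMPv2c GetBulkRequest with a small BER codec and decodes any SNMPv1/v2c message back into its fields, so the bytes of a request can be checked against RFC 3416 one field at a time: the version must be 1 (v2c), the PDU tag 0xA5, and the two integers after the request id are non-repeaters and max-repetitions. The community string and OID are constructed inputs, and every function name is the example's own.

```python
"""Encode and decode SNMPv2c messages with a minimal BER codec, enough to build a
GetBulkRequest (RFC 3416) and to check what actually went on the wire."""

# Universal BER tags used by SNMP, plus the context-specific PDU tags
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_NEXT_REQUEST, GET_RESPONSE = 0xA0, 0xA1, 0xA2
GET_BULK_REQUEST = 0xA5   # [5] IMPLICIT, only valid in SNMPv2c/v3, never v1
SNMP_V2C = 1              # version field: 0 = v1, 1 = v2c, 3 = v3

def _ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body          # long-form length

def tlv(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload

def enc_int(v):
    """Minimal two's-complement INTEGER, as BER requires (200 needs two bytes)."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(INTEGER, v.to_bytes(n, "big", signed=True))

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])       # first two arcs share a byte
    for a in arcs[2:]:
        chunk = [a & 0x7F]                           # base-128, high bit = "more follows"
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))

def get_bulk_request(community, oids, request_id=1, non_repeaters=0, max_repetitions=10):
    """SNMPv2c GetBulkRequest: the PDU carries non-repeaters and max-repetitions in the
    slots that other PDUs use for error-status and error-index."""
    varbinds = b"".join(tlv(SEQUENCE, enc_oid(o) + tlv(NULL, b"")) for o in oids)
    pdu = (enc_int(request_id) + enc_int(non_repeaters) + enc_int(max_repetitions)
           + tlv(SEQUENCE, varbinds))
    return tlv(SEQUENCE, enc_int(SNMP_V2C) + tlv(OCTET_STRING, community.encode())
               + tlv(GET_BULK_REQUEST, pdu))

def read_tlv(buf, pos=0):
    """Return (tag, payload, position after the element)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                    # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def dec_oid(payload):
    arcs, val = [payload[0] // 40, payload[0] % 40], 0
    for b in payload[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def dec_value(tag, payload):
    if tag == INTEGER:
        return int.from_bytes(payload, "big", signed=True)
    if tag == OCTET_STRING:
        return payload
    if tag == OID:
        return dec_oid(payload)
    if tag == NULL:
        return None
    return (tag, payload)          # application types (Counter, TimeTicks, ...) left raw

def parse_message(msg):
    """Decode any SNMPv1/v2c message into header, PDU type and varbinds."""
    tag, body, _ = read_tlv(msg)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, ver, p = read_tlv(body)
    _, community, p = read_tlv(body, p)
    pdu_tag, pdu, _ = read_tlv(body, p)
    _, rid, q = read_tlv(pdu)
    _, f1, q = read_tlv(pdu, q)                      # non-repeaters or error-status
    _, f2, q = read_tlv(pdu, q)                      # max-repetitions or error-index
    _, vbl, _ = read_tlv(pdu, q)
    varbinds, q = [], 0
    while q < len(vbl):
        _, vb, q = read_tlv(vbl, q)
        _, oid, r = read_tlv(vb)
        vtag, vpay, _ = read_tlv(vb, r)
        varbinds.append((dec_oid(oid), dec_value(vtag, vpay)))
    return {"version": dec_value(INTEGER, ver), "community": community.decode(),
            "pdu": pdu_tag, "request_id": dec_value(INTEGER, rid),
            "field1": dec_value(INTEGER, f1), "field2": dec_value(INTEGER, f2),
            "varbinds": varbinds}

if __name__ == "__main__":
    # constructed request for the ipRouteDest column with a bulk of 20 rows
    msg = get_bulk_request("public", ["1.3.6.1.2.1.4.21.1.1"], request_id=42, max_repetitions=20)
    print(msg.hex())
    print(parse_message(msg))
```

Feeding the bytes of a request that gets no answer through parse_message is the quickest sanity check: a version byte of 0, a 0xA1 (GetNext) tag, or the two integers after the request id in the wrong order all show up immediately, and an agent that silently drops a malformed or v1-tagged GetBulk looks exactly like "returns nothing".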
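The routing-table branching of item 1 together with the exclude list and range de-duplication of item 5, and caveats 2 and 3 about duplicates across devices, as one added Python example; this is not the poster's code and not Nmap's target or ipOps library. It regroups a constructed ipRouteTable walk (RFC 1213 ipRouteDest, ipRouteNextHop and ipRouteMask columns, as a partial table pull would return them) into routes, turns each route and next hop into targets, and hands back only the parts that are neither excluded nor already seen, splitting a CIDR around single excluded or already-scanned hosts. The TargetSet class, the min_prefixlen guard against default and /8 routes, and the walk data are assumptions of the example.

```python
"""Derive new scan targets from an SNMP ipRouteTable walk, with an exclude list and
cross-device de-duplication down to single addresses inside CIDR ranges."""
import ipaddress

IP_ROUTE_ENTRY = "1.3.6.1.2.1.4.21.1."                     # RFC 1213 ipRouteEntry
COLUMNS = {"1": "dest", "7": "nexthop", "11": "mask"}      # ipRouteDest, ipRouteNextHop, ipRouteMask

# Constructed walk output as (oid, value) pairs: one device's table, default route first.
ROUTE_WALK = [
    ("1.3.6.1.2.1.4.21.1.1.0.0.0.0", "0.0.0.0"),
    ("1.3.6.1.2.1.4.21.1.1.10.0.0.0", "10.0.0.0"),
    ("1.3.6.1.2.1.4.21.1.1.127.0.0.0", "127.0.0.0"),
    ("1.3.6.1.2.1.4.21.1.1.192.0.2.0", "192.0.2.0"),
    ("1.3.6.1.2.1.4.21.1.1.198.51.100.0", "198.51.100.0"),
    ("1.3.6.1.2.1.4.21.1.7.0.0.0.0", "192.0.2.1"),
    ("1.3.6.1.2.1.4.21.1.7.10.0.0.0", "192.0.2.2"),
    ("1.3.6.1.2.1.4.21.1.7.127.0.0.0", "127.0.0.1"),
    ("1.3.6.1.2.1.4.21.1.7.192.0.2.0", "0.0.0.0"),
    ("1.3.6.1.2.1.4.21.1.7.198.51.100.0", "192.0.2.254"),
    ("1.3.6.1.2.1.4.21.1.11.0.0.0.0", "0.0.0.0"),
    ("1.3.6.1.2.1.4.21.1.11.10.0.0.0", "255.0.0.0"),
    ("1.3.6.1.2.1.4.21.1.11.127.0.0.0", "255.0.0.0"),
    ("1.3.6.1.2.1.4.21.1.11.192.0.2.0", "255.255.255.0"),
    ("1.3.6.1.2.1.4.21.1.11.198.51.100.0", "255.255.255.0"),
]

def group_route_table(varbinds):
    """Regroup column-major walk output into one dict per route, keyed by ipRouteDest."""
    rows = {}
    for oid, value in varbinds:
        if not oid.startswith(IP_ROUTE_ENTRY):
            continue
        column, _, index = oid[len(IP_ROUTE_ENTRY):].partition(".")
        if column in COLUMNS:
            rows.setdefault(index, {})[COLUMNS[column]] = value
    return rows

def _subtract(nets, blocker):
    """Remove every address of `blocker` from a list of networks."""
    out = []
    for n in nets:
        if not n.overlaps(blocker):
            out.append(n)
        elif blocker != n and blocker.subnet_of(n):
            out.extend(n.address_exclude(blocker))   # split n around the blocker
        # otherwise blocker covers n entirely: drop n
    return out

class TargetSet:
    """Tracks what has been handed to the scanner and what must never be (assumed design)."""
    def __init__(self, excludes=()):
        self.exclude = [ipaddress.ip_network(x, strict=False) for x in excludes]
        self.seen = []

    def add(self, spec):
        """Add a host or CIDR; return only the parts neither excluded nor already seen."""
        remaining = [ipaddress.ip_network(str(spec), strict=False)]
        for blocker in self.exclude + self.seen:
            remaining = _subtract(remaining, blocker)
        remaining = list(ipaddress.collapse_addresses(remaining))
        self.seen.extend(remaining)
        return remaining

    def covered(self, ip):
        return any(ipaddress.ip_address(ip) in n for n in self.seen)

def _scannable(net, min_prefixlen):
    return not (net.prefixlen < min_prefixlen or net.is_loopback or net.is_multicast
                or net.is_link_local or net.is_unspecified)

def targets_from_routes(varbinds, tset, min_prefixlen=16):
    """Turn one device's routing table into new targets. min_prefixlen keeps a default
    or /8 route from flooding the scan (an assumed policy, not the script's)."""
    found = []
    for row in group_route_table(varbinds).values():
        if "dest" in row and "mask" in row:
            net = ipaddress.ip_network(f"{row['dest']}/{row['mask']}", strict=False)
            if _scannable(net, min_prefixlen):
                found.extend(tset.add(net))
        hop = ipaddress.ip_address(row.get("nexthop", "0.0.0.0"))
        if not (hop.is_unspecified or hop.is_loopback):
            found.extend(tset.add(hop))              # the router itself is a target too
    return found

def host_count(nets):
    return sum(n.num_addresses for n in nets)

if __name__ == "__main__":
    tset = TargetSet(excludes=["198.51.100.128/25"])
    tset.add("192.0.2.10")                           # the host we walked in the first place
    first = targets_from_routes(ROUTE_WALK, tset)
    print(host_count(first), [str(n) for n in first])
    print(targets_from_routes(ROUTE_WALK, tset))     # same table from a second router: nothing new
```

Because every accepted range is recorded in `seen`, the same table pulled from a second router yields nothing, which is the dedupe the post describes; what this still cannot do, exactly as caveat 3 says, is know that two interface addresses belong to the same device, so that check has to come from somewhere other than the address list.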
