Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: suggestion to update ripeQuery.nse to not bother if the IP address is a private IP address

From: Thomas Buchanan <tbuchanan () thecompassgrp net>
Date: Mon, 11 Jun 2007 10:18:03 -0500
Eddie Bell wrote:

On 11/06/07, Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar> wrote:

NICE! Anyway, the complete private range for class B is:
172.16.0.0 - 172.31.255.255


Ah, yeah. Well you get the general idea :)
Here's a quick patch that checks for RFC 1918 addresses, and returns false from the portrule() function, which causes the script not to be run. 

Let me know what you think.

Thomas

Index: ripeQuery.nse
===================================================================
--- ripeQuery.nse       (revision 4890)
+++ ripeQuery.nse       (working copy)
@@ -6,6 +6,24 @@
 categories = {"discovery"}
 
 hostrule = function(host, port)
+       -- check to see if host is part of RFC 1918 address space
+       -- if so, don't bother with the RIPE lookup
+       local a, b
+       a, b = string.match(host.ip, "(%d+)%.(%d+)%.")
+       
+       if a == "10" then
+               return false
+       elseif a == "172" then
+               local c = tonumber(b)
+               if c > 15 and c < 32 then
+                       return false
+               end
+       elseif a == "192" then
+               if b == "168" then
+                       return false
+               end
+       end
+
        return true
 end
 


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: