Nmap Development mailing list archives

[NSE] broadcast-igmp-discovery.nse: add group names

From: Vasily Kulikov <segoon () openwall com>
Date: Wed, 28 Nov 2012 21:31:24 +0400

Hi,

This patch adds support for group names identification from plain
multicast ip addresses.  A script which collects the DB is included in
the comments to the script.

The attached file is a precomputed DB.

ip_less(a,b) checks whether ip 'a' is less than ip 'b' octet-by-octet.
I haven't found any existing useful API for that, probably it may be
optimized.

--- scripts/broadcast-igmp-discovery.nse.old    2012-11-28 12:38:03.044421190 +0400
+++ scripts/broadcast-igmp-discovery.nse        2012-11-28 15:55:49.115281064 +0400
@@ -63,6 +63,20 @@
 -- |_  Use the newtargets script-arg to add the results as targets
 --
 
+-- 
+-- The Multicast Group names DB can be created by the following script:
+-- 
+-- #!/usr/bin/awk -f
+-- BEGIN { FS="<|>"; }
+-- /<record/ { r=1; addr1=""; addr2=""; rfc=""; }
+-- /<addr>.*-.*<\/addr>/ { T=$3; FS="-"; $0=T; addr1=$1; addr2=$2; FS="<|>"; }
+-- /<addr>[^-]*<\/addr>/ { addr1=$3; addr2=$3; }
+-- /<description>/ { desc=$3; }
+-- /<\/record/ { r=0; if (addr1) { print addr1 "\t" addr2 "\t" desc; } }
+--
+-- wget -O- http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xml | \
+--      ./extract-mg-names >nselib/data/mgroupnames.db
+
 
 prerule = function()
     if nmap.address_family() ~= 'inet' then
@@ -262,6 +276,46 @@
           < ipOps.todword(b.src) + b.type + (b.ngroups or ipOps.todword(b.group))
 end
 
+local mgroup_names_get = function(filename)
+    local groupnames_db = {}
+
+    local file = io.open(filename, "r")
+    if not file then
+       return false
+    end
+
+    for l in file:lines() do
+       groupnames_db[#groupnames_db + 1] = stdnse.strsplit("\t", l)
+    end
+
+    file:close()
+    return groupnames_db
+end
+
+local ipstr_to_str = function(s)
+    local p = stdnse.strsplit("%.", s)
+    local ss = string.format("%3s%3s%3s%3s", p[1], p[2], p[3], p[4])
+    return ss
+end
+
+local ip_less = function(a, b)
+    local a_s = ipstr_to_str(a)
+    local b_s = ipstr_to_str(b)
+    return a_s < b_s
+end
+
+local mgroup_name_identify = function(db, ip)
+    for _, mg in ipairs(db) do
+        local ip1 = mg[1]
+        local ip2 = mg[2]
+        local desc = mg[3]
+        if (not ip_less(ip, ip1) and not ip_less(ip2, ip)) then
+            stdnse.print_debug("%s: found! %s <= %s <= %s (%s)", SCRIPT_NAME, ip1, ip, ip2, desc)
+            return desc
+        end
+    end
+    return false
+end
 
 action = function(host, port)
     local timeout = tonumber(stdnse.get_script_args(SCRIPT_NAME .. ".timeout")) or 7
@@ -275,6 +329,10 @@
     local responses, results, interfaces, lthreads = {}, {}, {}, {}
     local result, grouptable, sourcetable
 
+    local group_names_fname = stdnse.get_script_args(SCRIPT_NAME .. ".mgroupnamesdb") or
+        nmap.fetchfile("nselib/data/mgroupnames.db")
+    local group_names = group_names_fname and mgroup_names_get(group_names_fname)
+
     -- Check the interface
     interface = interface or nmap.get_interface()
     if interface then
@@ -335,6 +393,10 @@
            elseif response.type == 0x16 then
                table.insert(result, "Version: 2")
                table.insert(result, "Group: ".. response.group)
+               local mg_desc = mgroup_name_identify(group_names, response.group)
+               if mg_desc then
+                   table.insert(result, "Description: ".. mg_desc)
+               end
            elseif response.type == 0x22 then
                table.insert(result, "Version: 3")
                for _, group in pairs(response.groups) do
@@ -352,6 +414,10 @@
                        table.insert(grouptable, sourcetable) 
                    end
                    table.insert(result, grouptable)
+                   local mg_desc = mgroup_name_identify(group_names, group.address)
+                   if mg_desc then
+                       table.insert(result, "Description: ".. mg_desc)
+                   end
                end
            end
            table.insert(results, result)
-- 
Vasily Kulikov
http://www.openwall.com - bringing security into open computing environments

Attachment: mgroupnames.db
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] broadcast-igmp-discovery.nse: add group names Vasily Kulikov (Nov 28)
- Re: [NSE] broadcast-igmp-discovery.nse: add group names Vasily Kulikov (Nov 28)
- Re: [NSE] broadcast-igmp-discovery.nse: add group names David Fifield (Nov 28)
  - Re: [NSE] broadcast-igmp-discovery.nse: add group names Vasily Kulikov (Nov 29)
    - Re: [NSE] broadcast-igmp-discovery.nse: add group names David Fifield (Nov 29)