Nmap Development mailing list archives

Re: IPv6 Discovery scripts


From: John <nmap-dev () johnbond org>
Date: Tue, 30 Jun 2015 15:42:31 +0100

Hi Daniel,

Thanks for the comments,

On 20/06/2015 04:51, Daniel Miller wrote:
> John,
>
> Thanks for the initial effort. I have some concerns or questions based
> on the existing state of these scripts. The primary thing I think they
> need is good documentation, especially the description. In one case,
> you haven't changed the description from that of targets-ipv6-wordlist
> at all. The other two have the same description as each other.

This is just sloppy copy and pasting; it should be updated now.

> From what I can understand, given an IPv6 network prefix, the scripts
> generate addresses in the following ways:
>
> * targets-ipv6-dhcp adds certain consecutive address blocks like the
> first 255 addresses (*::1 to *::ff) and the range *::3e8 to *::7d0,
> based on default behavior of some DHCP6 servers.

Correct, the ranges were taken from
https://github.com/dragonresearchgroup/pfuzz

> * targets-ipv6-mac brute-forces the last 3 octets of a MAC address
> given a vendor MAC prefix to generate SLAAC MAC-based addresses.

Correct again.

> * targets-ipv6-ports appears to work on the assumption that addresses
> are assigned according to what service is offered on the host, so that
> a web server (80 in hex is 0x50) would have an address ending in :50.
> Addresses are generated based on a list of port numbers.

Not quite: a port of 80 should have a v6 address ending in 80; however, we
could also add the hex representation of that port.

> The other confusion I had when reading these comes in part from the
> fact that Raúl's original scripts were written to be part of a larger
> framework that supported his academic work. I removed the
> interdependencies in order to commit the first scripts, but a lot of
> the structure is still there, and is not self-documenting for someone
> without Spanish language skills.

Yes, it took me quite a bit of time to parse and is one of the reasons
that I didn't refactor things in a more elegant manner; this was very
much a hack job when I had 20 minutes to spare.

> You may be better off stripping the script down to essentials before
> adding your new capability.

I agree. I wonder if it is better to have a library with shared
functions or just have all 4 scripts merged into the same script and
controlled by a script-arg? Not sure when I'll get the time to look at
it though.

> Please let me know if my understanding is incorrect.

Pretty much, thanks
John
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
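As an added example (not code from this thread or from Nmap), a small Python audit that applies the three address patterns Daniel lists to a defender's own IPv6 address inventory: it flags interface identifiers that fall in the sequential DHCPv6-style ranges, EUI-64 identifiers that embed a MAC address (the case the OUI brute-force covers), and port-shaped suffixes in both the decimal-as-hex form John describes and the plain hex form. The prefix, the port list and the host addresses are constructed sample values.

```python
import ipaddress

# Constructed sample port list; the thread names no specific ports.
COMMON_PORTS = (21, 22, 25, 53, 80, 443, 8080)

# Interface-identifier ranges the DHCP script covers, as stated in the thread:
# *::1 to *::ff and *::3e8 to *::7d0.
DHCP_STYLE_RANGES = ((0x1, 0xff), (0x3e8, 0x7d0))


def interface_id(addr):
    """Return the low 64 bits (the interface identifier) of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)


def eui64_mac(iid):
    """If the IID has the EUI-64 shape (ff:fe inserted in the middle), return the
    MAC it was derived from with the U/L bit flipped back; otherwise None."""
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
    return ":".join(f"{x:02x}" for x in mac)


def classify(addr, port_list=COMMON_PORTS):
    """Return the guessable-address patterns an address matches (may be several)."""
    iid = interface_id(addr)
    hits = []
    if any(lo <= iid <= hi for lo, hi in DHCP_STYLE_RANGES):
        hits.append("dhcp-sequential")
    mac = eui64_mac(iid)
    if mac:
        hits.append(f"eui64:{mac}")
    if iid >> 16 == 0:  # only the last hextet is set, as the ports script assumes
        low16 = iid & 0xFFFF
        for p in port_list:
            # "::80" for port 80 (decimal digits read as hex) or "::50" (0x50 == 80)
            if low16 in (int(str(p), 16), p):
                hits.append(f"port-shaped:{p}")
    return hits


def audit(prefix, addrs):
    """Classify every address that lies inside the given prefix."""
    net = ipaddress.IPv6Network(prefix)
    return {a: classify(a) for a in addrs if ipaddress.IPv6Address(a) in net}
```

Addresses outside the audited prefix are ignored, and an address may match more than one pattern (for example `::50` is both in the low sequential range and port-shaped for port 80).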

