Re: nmap scanning of IPv6 hosts

[Craig Miller <cvmiller () gmail com>]

Hi Dan,

Good news, I moved to an embedded machine runing Arch which has a newer
version of nmap (v7.01). And the updated nse script runs.
[root@alarm scripts]# time nmap -6 -F -v --script-args newtargets --script
targets-ipv6-multicast-mld

Starting Nmap 7.01 ( https://nmap.org ) at 2016-01-04 21:19 UTC
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:19
Completed NSE at 21:19, 10.08s elapsed
Pre-scan script results:
| targets-ipv6-multicast-mld:
|   IP: fe80::224:a5ff:fed7:3088  MAC: 00:24:a5:d7:30:88  IFACE: eth0
|_  IP: fe80::280:77ff:feeb:1dde  MAC: 00:80:77:eb:1d:de  IFACE: eth0


However, it doesn't discover all my hosts on the net. If I use the
v6disc.sh you can see there are quite a few more ipv6 hosts.
[root@alarm scripts]# /home/alarm/v6disc.sh
-- Searching for interface(s)
Found interface(s): eth0
-- INT:eth0 prefixs:2001:470:1d:583 2607:c000:8100:1500
-- Detecting hosts on eth0 link
fe80::129a:ddff:fe54:b634
fe80::203:93ff:fe67:4362
fe80::211:24ff:fece:f1a
fe80::211:24ff:fee1:dbc8
fe80::224:a5ff:fed7:3088
fe80::224:a5ff:fef1:7ca
fe80::225:31ff:fe02:aecb
fe80::226:bbff:fe1e:7e15
fe80::256:b3ff:fe04:cbe5
fe80::280:77ff:feeb:1dde
fe80::6221:c0ff:fee0:8f0a
fe80::a00:27ff:fe21:e445


At this point, I am hoping to help you out, since I can use v6disc.sh to
fire off nmap against my hosts.

Craig...



On Mon, Jan 4, 2016 at 11:25 AM, Daniel Miller <bonsaiviking () gmail com>
wrote:

> Craig,
>
> I'm not sure what could be causing the delay. You can use -d to increase
> debugging output level, and at -d2 and higher, you will get a Lua stack
> trace of all running threads when you press any key during execution. That
> output would be helpful to diagnose the problem. Unfortunately, running
> Nmap 6.40 under "sudo" makes this interaction impossible. We fixed that bug
> in 6.49BETA1. I would still encourage you to upgrade Nmap itself, not just
> the script.
>
> Dan
>
> On Mon, Jan 4, 2016 at 11:19 AM, Craig Miller <cvmiller () gmail com> wrote:
>
> > Thanks Daniel,
> >
> > I gave the new MLD script a try, and there is something not right.
> >
> > cvmiller@hau:/usr/share/nmap/scripts$ time sudo nmap -6 -F -v --script-args newtargets --script 
> > targets-ipv6-multicast-mld
> >
> > Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 17:26 PST
> > NSE: Loaded 1 scripts for scanning.
> > NSE: Script Pre-scanning.
> > Initiating NSE at 17:26
> > NSE Timing: About 50.00% done; ETC: 17:27 (0:00:31 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:28 (0:01:01 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:29 (0:01:31 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:30 (0:02:01 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:31 (0:02:31 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:32 (0:03:01 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:33 (0:03:31 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:34 (0:04:01 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:35 (0:04:31 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:36 (0:05:01 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:37 (0:05:34 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:38 (0:06:10 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:40 (0:06:49 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:41 (0:07:31 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:43 (0:08:19 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:44 (0:09:10 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:46 (0:10:07 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:48 (0:11:10 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:51 (0:12:19 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:53 (0:13:34 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:56 (0:14:58 remaining)
> > NSE Timing: About 50.00% done; ETC: 17:59 (0:16:28 remaining)
> > ^C
> > real 16m43.579s
> > user 16m23.644s
> > sys  0m19.004s
> >
> >
> > Something is happening which appears to be tripping up the script (Or I
> > am not starting it correctly). Is there a flag I can use to get more debug
> > information?
> >
> > thanks,
> >
> > Craig...
> >
> >
> >
> > On 15-12-31 12:26 PM, Daniel Miller wrote:
> >
> > Craig,
> >
> > I see you are using Nmap 6.40, released in July 2013. IPv6 support was
> > one of the biggest areas of improvement in the recent Nmap 7.00 release, so
> > I would encourage you to upgrade.
> >
> > Regarding the MLD script specifically, we just fixed a bug and improved
> > detection [1], but the fix has not yet been released. You can get it by
> > downloading the script from the NSEdoc page [2] as well as the
> > multicast.lua library [3].
> >
> > Dan
> >
> > [1] http://seclists.org/nmap-dev/2015/q4/258
> > [2] https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
> > [3] https://nmap.org/nsedoc/lib/multicast.html
> > On Dec 31, 2015 1:24 PM, "Craig Miller" <cvmiller () gmail com> wrote:
> >
> > > On 15-12-31 09:22 AM, David Fifield wrote:
> > >
> > > > On Thu, Dec 31, 2015 at 08:23:49AM -0800, Craig Miller wrote:
> > > >
> > > > > On 15-12-30 11:07 AM, David Fifield wrote:
> > > > >
> > > > > > On Wed, Dec 30, 2015 at 08:55:59AM -0800, Craig Miller wrote:
> > > > > >
> > > > > > > It would be nice if nmap supported the MLD/ff02::1 approach
> > > > > > > natively, as the
> > > > > > > brute force method is not really practical for IPv6. I am hoping to
> > > > > > > start a
> > > > > > > discussion in order to further improve nmap.
> > > > > > If you use the newtargets script argument, the discovered addresses
> > > > > > will
> > > > > > be added to the target list and scanned.
> > > > > >
> > > > > > nmap -6 -F -v --script-args newtargets --script
> > > > > > targets-ipv6-multicast-mld
> > > > > Thanks David,
> > > > >
> > > > > I will work through getting the targets-ipv6-multicast-mld script
> > > > > running.
> > > > > Perhaps there is a ubuntu/debian package which the casual user of nmap
> > > > > can
> > > > > use to install the script.
> > > > >
> > > > > But the reason I was requesting that IPv6 scanning using the ff02::1
> > > > > method
> > > > > be integrated natively in nmap is to make it available for the casual
> > > > > user
> > > > > of nmap. I have used nmap and found it quite useful for over 13 years,
> > > > > and
> > > > > never ran a nse script. I suspect there is a large community of nmap
> > > > > users
> > > > > who are like me.
> > > > >
> > > > > Having native support within nmap would reach a much larger audience.
> > > > Maybe I don't understand you. The scripts *are* part of Nmap. They are
> > > > included in the Ubuntu/Debian packages. You don't have to install
> > > > anything separately. Just try running the example command line I showed.
> > > >
> > > > There are other IPv6 discovery scripts you might want to try.
> > > > nmap --script-help 'targets-ipv6-*'
> > > > https://nmap.org/nsedoc/scripts/targets-ipv6-map4to6.html
> > > > https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-echo.html
> > > > https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-invalid-dst.html
> > > > https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
> > > > https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-slaac.html
> > > > https://nmap.org/nsedoc/scripts/targets-ipv6-wordlist.html
> > > >
> > > > A ton of Nmap functionality is implemented through the scripting engine
> > > > these days. If you've even run -sV, you've run a script.
> > >
> > > Thanks again, David.
> > >
> > > You are right, of course, the scripts are in /usr/share/nmap/scripts/
> > >
> > > But I am still having trouble, the mld script detects no hosts:
> > >
> > > cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script
> > > targets-ipv6-multicast-slaac.nse
> > >
> > > Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST
> > > NSE: Loaded 1 scripts for scanning.
> > > NSE: Script Pre-scanning.
> > > NSE: Starting runlevel 1 (of 1) scan.
> > > NSE: Script Post-scanning.
> > > NSE: Starting runlevel 1 (of 1) scan.
> > > Read data files from: /usr/bin/../share/nmap
> > > WARNING: No targets were specified, so 0 hosts scanned.
> > > Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds
> > > cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script
> > > targets-ipv6-multicast-slaac.nse --script-args newtargets
> > >
> > > Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST
> > > NSE: Loaded 1 scripts for scanning.
> > > NSE: Script Pre-scanning.
> > > NSE: Starting runlevel 1 (of 1) scan.
> > > NSE: Script Post-scanning.
> > > NSE: Starting runlevel 1 (of 1) scan.
> > > Read data files from: /usr/bin/../share/nmap
> > > WARNING: No targets were specified, so 0 hosts scanned.
> > > Nmap done: 0 IP addresses (0 hosts up) scanned in 0.06 seconds
> > > cvmiller@hau:/usr/share/nmap/scripts$
> > > cvmiller@hau:/usr/share/nmap/scripts$
> > > cvmiller@hau:/usr/share/nmap/scripts$
> > > cvmiller@hau:/usr/share/nmap/scripts$ sudo nmap -6
> > > --script=targets-ipv6-multicast-mld.nse --script-args
> > > 'newtargets,interface=eth0'
> > >
> > > Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:18 PST
> > > WARNING: No targets were specified, so 0 hosts scanned.
> > > Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds
> > >
> > > The second run is right off example in:
> > >
> > > https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
> > >
> > >
> > > I have 11 IPv6 hosts on my network, not sure why it isn't finding
> > > something. Is there a debug flag to help understand where it is going wrong?
> > >
> > > TIA,
> > >
> > > Craig...
> > >
> > >
> > >
> > > _______________________________________________
> > > Sent through the dev mailing list
> > > https://nmap.org/mailman/listinfo/dev
> > > Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/