[ipv6hackers] nmap NSE scripts
jsklein at gmail.com
Fri Oct 11 19:24:56 CEST 2013
I had done the same thing, converting my IPv6 C++ and SCAPY attack/audit
applications into a private nmap scripts repository, as a fun exercise. The
scripts work better since the recent nmap upgrade. So thank you Fyodor
for making nmap better for scripting.
On Thu, Oct 10, 2013 at 7:26 PM, Fyodor <fyodor at nmap.org> wrote:
> On Mon, Oct 7, 2013 at 3:01 PM, Adam Števko <adam.stevko at gmail.com> wrote:
> > Hi guys,
> > as a part of a semester project, I decided to enhance nmap with several
> > NSE scripts for various IPv6 vulnerabilities. These NSE scripts should be
> > based on their counterparts from various IPv6 toolkits available out there,
> > most notably thc-ipv6 and IPv6 toolkit. Implementing some of those tools as
> > nmap NSE scripts will make them available to a larger audience and enable
> > them to run on a wide range of platforms.
> Hi Adam. We'd certainly appreciate your help as IPv6 has long been a major
> Nmap priority. I added the initial support more than 11 years ago (August
> 2002) and it has slowly improved to the point where almost all Nmap
> functionality now supports IPv6. That includes raw packet port scanning,
> version detection, our custom machine-learning-based IPv6 OS detection
> system, and of course the Nmap Scripting Engine. We're also rather proud
> of our multicast IPv6 host discovery systems.
> That being said, there is always room for improvement. And NSE is usually
> the best way to implement new techniques. Nmap's top priority is network
> discovery, so that functionality is most welcome. Also, you'll want to
> make sure you don't duplicate our existing IPv6-related scripts, such as:
> * Sends a DHCPv6 request (Solicit) to the DHCPv6 multicast address, parses
> the response, then extracts and prints the address along with any options
> returned by the server.
> dns-ip6-arpa-scan http://nmap.org/nsedoc/scripts/dns-ip6-arpa-scan.html
> * Performs a quick reverse DNS lookup of an IPv6 network using a technique
> which analyzes DNS server response codes to dramatically reduce the number
> of queries needed to enumerate large networks.
> ipv6-node-info http://nmap.org/nsedoc/scripts/ipv6-node-info.html
> * Obtains hostnames, IPv4 and IPv6 addresses through IPv6 Node Information
> ipv6-ra-flood http://nmap.org/nsedoc/scripts/ipv6-ra-flood.html
> * Generates a flood of Router Advertisements (RA) with random source MAC
> addresses and IPv6 prefixes. Computers that have stateless
> autoconfiguration enabled by default (every major OS) will start to
> compute an IPv6 suffix and update their routing table to reflect the accepted
> announcement. This will cause 100% CPU usage on Windows and other platforms,
> preventing them from processing other application requests.
> * Sends an ICMPv6 echo request packet to the all-nodes link-local multicast
> address (ff02::1) to discover responsive hosts on a LAN
> without needing to individually ping each IPv6 address.
> * Sends an ICMPv6 packet with an invalid extension header to the all-nodes
> link-local multicast address (ff02::1) to discover (some)
> available hosts on the LAN. This works because some hosts will respond to
> this probe with an ICMPv6 Parameter Problem packet.
> * Attempts to discover available IPv6 hosts on the LAN by sending an MLD
> (multicast listener discovery) query to the link-local multicast address
> (ff02::1) and listening for any responses. The query's maximum response
> delay is set to 0 to provoke hosts to respond immediately rather than waiting
> for other responses from their multicast group.
> * Performs IPv6 host discovery by triggering stateless address
> auto-configuration (SLAAC).
> One of our main criteria for accepting new scripts is that they meet a
> concrete need of security/networking admins/analysts. So instead of just
> saying "this sends an IPv6 blahblah probe and prints the response", tell us
> why someone might send such a probe and how the information returned can be
> Also, as Fernando noted, you don't need to base all your ideas on thc-ipv6
> and the IPv6 Toolkit. Those are wonderful tools, but you don't need to
> limit yourself to things they can already do.
> Cheers, and best wishes for your project!
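The ipv6-ra-flood description in the thread above explains why a burst of Router Advertisements with random source MACs and prefixes hurts SLAAC hosts. As an added example that is not part of this thread and not Nmap's own code, here is a small Python detector that parses RA frames and flags an unusual number of distinct (source MAC, prefix) announcements inside a short window; it assumes Ethernet-framed IPv6 with no extension headers before ICMPv6, and the sample frames are constructed inline with a zero checksum for offline testing only.

```python
import ipaddress
import struct
from collections import deque
ETH_HDR, IPV6_HDR, ICMPV6, RA_TYPE, PREFIX_OPT = 14, 40, 58, 134, 3  # Ethernet/IPv6/ICMPv6 RA framing
ALL_NODES = ipaddress.IPv6Address("ff02::1").packed

def parse_ra(frame):
    """(src_mac, [prefix/len, ...]) for an RA frame, else None; assumes no extension headers."""
    if len(frame) < ETH_HDR + IPV6_HDR + 16 or frame[12:14] != b"\x86\xdd":
        return None
    if frame[ETH_HDR + 6] != ICMPV6 or frame[ETH_HDR + IPV6_HDR] != RA_TYPE:
        return None
    icmp, prefixes, off = frame[ETH_HDR + IPV6_HDR:], [], 16  # skip the fixed 16-byte RA header
    while off + 2 <= len(icmp) and icmp[off + 1]:
        otype, olen = icmp[off], icmp[off + 1] * 8
        if otype == PREFIX_OPT and olen == 32 and off + 32 <= len(icmp):
            net = ipaddress.IPv6Address(icmp[off + 16:off + 32])
            prefixes.append(f"{net}/{icmp[off + 2]}")
        off += olen
    return frame[6:12].hex(":"), prefixes

class RaFloodDetector:
    """Flag when too many distinct (source MAC, prefix) RAs arrive inside the window."""
    def __init__(self, window_s=1.0, max_distinct=8):
        self.window_s, self.max_distinct, self.events = window_s, max_distinct, deque()
    def observe(self, ts, frame):
        parsed = parse_ra(frame)
        if parsed is None:
            return False
        mac, prefixes = parsed
        for p in prefixes or ["(no prefix option)"]:
            self.events.append((ts, (mac, p)))
        while self.events and ts - self.events[0][0] > self.window_s:
            self.events.popleft()  # drop announcements older than the window
        return len({key for _, key in self.events}) > self.max_distinct

def make_ra(src_mac, prefix16, plen=64):
    """Constructed sample RA frame for offline testing only (ICMPv6 checksum left zero)."""
    opt = bytes([PREFIX_OPT, 4, plen, 0xC0]) + struct.pack("!III", 2592000, 604800, 0) + prefix16
    icmp = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0) + opt
    src_ip = ipaddress.IPv6Address("fe80::" + src_mac[-1:].hex()).packed
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), ICMPV6, 255) + src_ip + ALL_NODES
    return b"\x33\x33\x00\x00\x00\x01" + src_mac + b"\x86\xdd" + ip6 + icmp

def simulate():
    """One router's periodic RAs pass; a burst of random MAC/prefix RAs is flagged."""
    det = RaFloodDetector()
    legit = make_ra(bytes.fromhex("02000000aa01"), bytes.fromhex("20010db8ffff00000000000000000000"))
    quiet = [det.observe(t * 10.0, legit) for t in range(3)]
    burst = [det.observe(100.0 + i * 0.01, make_ra(bytes([2, 0, 0, 0, 0, i]),
             b"\x20\x01\x0d\xb8" + bytes([0, i]) + bytes(10))) for i in range(20)]
    return quiet, burst
```

In a real deployment the frames would come from a packet capture on the monitored segment; the threshold and window should be tuned to how many routers legitimately advertise on that link.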