[ipv6hackers] nmap NSE scripts

Joe Klein jsklein at gmail.com
Fri Oct 11 19:24:56 CEST 2013


Adam,

I had done the same thing, converting my IPv6 C++ and Scapy attack/audit
applications into a private nmap scripts repository, as a fun exercise. The
scripts work better since the recent nmap upgrade. So thank you, Fyodor,
for making nmap better for scripting.

Joe Klein

On Thu, Oct 10, 2013 at 7:26 PM, Fyodor <fyodor at nmap.org> wrote:

> On Mon, Oct 7, 2013 at 3:01 PM, Adam Števko <adam.stevko at gmail.com> wrote:
>
> > Hi guys,
> >
> > as a part of a semester project, I decided to enhance nmap with several
> > NSE scripts for various IPv6 vulnerabilities. These NSE scripts should be
> > based on their counterparts from various IPv6 toolkits available out
> > there, most notably thc-ipv6 and IPv6 toolkit. Implementing some of those
> > tools as nmap NSE scripts will make them available to a larger audience
> > and enable them to run on a wide range of platforms.
>
>
> Hi Adam.  We'd certainly appreciate your help as IPv6 has long been a major
> Nmap priority.  I added the initial support more than 11 years ago (August
> 2002) and it has slowly improved to the point where almost all Nmap
> functionality now supports IPv6.  That includes raw packet port scanning,
> version detection, our custom machine-learning-based IPv6 OS detection
> system, and of course the Nmap Scripting Engine.  We're also rather proud
> of our multicast IPv6 host discovery systems.
>
> That being said, there is always room for improvement.  And NSE is usually
> the best way to implement new techniques.  Nmap's top priority is network
> discovery, so that functionality is most welcome.  Also, you'll want to
> make sure you don't duplicate our existing IPv6-related scripts, such as:
>
> broadcast-dhcp6-discover
> http://nmap.org/nsedoc/scripts/broadcast-dhcp6-discover.html
> * Sends a DHCPv6 request (Solicit) to the DHCPv6 multicast address, parses
> the response, then extracts and prints the address along with any options
> returned by the server.
>
> dns-ip6-arpa-scan http://nmap.org/nsedoc/scripts/dns-ip6-arpa-scan.html
> * Performs a quick reverse DNS lookup of an IPv6 network using a technique
> which analyzes DNS server response codes to dramatically reduce the number
> of queries needed to enumerate large networks.
>
> ipv6-node-info http://nmap.org/nsedoc/scripts/ipv6-node-info.html
> * Obtains hostnames, IPv4 and IPv6 addresses through IPv6 Node Information
> Queries.
>
> ipv6-ra-flood http://nmap.org/nsedoc/scripts/ipv6-ra-flood.html
> * Generates a flood of Router Advertisements (RA) with random source MAC
> addresses and IPv6 prefixes. Computers which have stateless
> autoconfiguration enabled by default (every major OS) will start to
> compute an IPv6 suffix and update their routing table to reflect the
> accepted announcement. This will cause 100% CPU usage on Windows and
> platforms, preventing them from processing other application requests.
>
> targets-ipv6-multicast-echo
> http://nmap.org/nsedoc/scripts/targets-ipv6-multicast-echo.html
> * Sends an ICMPv6 echo request packet to the all-nodes link-local multicast
> address (ff02::1) to discover responsive hosts on a LAN
> without needing to individually ping each IPv6 address.
>
> targets-ipv6-multicast-invalid-dst
> http://nmap.org/nsedoc/scripts/targets-ipv6-multicast-invalid-dst.html
> * Sends an ICMPv6 packet with an invalid extension header to the all-nodes
> link-local multicast address (ff02::1) to discover (some)
> available hosts on the LAN. This works because some hosts will respond to
> this probe with an ICMPv6 Parameter Problem packet.
>
> targets-ipv6-multicast-mld
> http://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html
> * Attempts to discover available IPv6 hosts on the LAN by sending an MLD
> (multicast listener discovery) query to the link-local multicast address
> (ff02::1) and listening for any responses.  The query's maximum response
> delay is set to 0 to provoke hosts to respond immediately rather than
> waiting for other responses from their multicast group.
>
> targets-ipv6-multicast-slaac
> http://nmap.org/nsedoc/scripts/targets-ipv6-multicast-slaac.html
> * Performs IPv6 host discovery by triggering stateless address
> auto-configuration (SLAAC).
>
> One of our main criteria for accepting new scripts is that they meet a
> concrete need of security/networking admins/analysts.  So instead of just
> saying "this sends an IPv6 blahblah probe and prints the response", tell us
> why someone might send such a probe and how the information returned can be
> useful.
>
> Also, as Fernando noted, you don't need to base all your ideas on thc-ipv6
> and the IPv6 Toolkit.  Those are wonderful tools, but you don't need to
> limit yourself to things they can already do.
>
> Cheers, and best wishes for your project!
> -Fyodor
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
>
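
A defensive counterpart to the ipv6-ra-flood description quoted above, added here as an example and not taken from the thread or from Nmap: a sliding-window check that flags a burst of Router Advertisements carrying many distinct source MACs or prefixes. The record layout (milliseconds, source MAC, prefix), the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import Counter, deque

def first_ra_flood_alert(events, window_ms=5000, max_macs=8, max_prefixes=16):
    """Scan time-ordered RA observations (ms, src_mac, prefix).

    Returns the first point where the number of distinct source MACs or
    advertised prefixes seen inside the window exceeds its threshold,
    or None if the traffic stays within normal bounds.
    """
    recent = deque()
    macs, prefixes = Counter(), Counter()
    for ts, mac, prefix in events:
        recent.append((ts, mac, prefix))
        macs[mac] += 1
        prefixes[prefix] += 1
        # Expire observations that have fallen out of the window.
        while ts - recent[0][0] > window_ms:
            _, old_mac, old_prefix = recent.popleft()
            for counter, key in ((macs, old_mac), (prefixes, old_prefix)):
                counter[key] -= 1
                if counter[key] == 0:
                    del counter[key]
        if len(macs) > max_macs or len(prefixes) > max_prefixes:
            return {"time_ms": ts, "macs": len(macs), "prefixes": len(prefixes)}
    return None

def constructed_baseline():
    # Constructed sample: one router re-advertising the same prefix every 10 s.
    return [(t, "00:11:22:33:44:55", "2001:db8:ffff::/64")
            for t in range(0, 60000, 10000)]

def constructed_flood():
    # Constructed sample: the baseline plus 300 RAs, 10 ms apart, each with
    # a different source MAC and prefix (the pattern the script description
    # above attributes to ipv6-ra-flood).
    burst = [(30000 + i * 10,
              f"02:00:00:00:{(i >> 8):02x}:{(i & 0xff):02x}",
              f"2001:db8:{i:x}::/64") for i in range(300)]
    return sorted(constructed_baseline() + burst)

if __name__ == "__main__":
    print("baseline:", first_ra_flood_alert(constructed_baseline()))
    print("flood:   ", first_ra_flood_alert(constructed_flood()))
```

Periodic RAs from a stable set of routers never raise the distinct counts, so the check stays quiet on a healthy segment; real thresholds depend on how many routers and prefixes the link legitimately carries.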


