Nmap firewall-bypass NSE Script


This page contains detailed information about how to use the firewall-bypass NSE script. For a list of all NSE scripts, visit the Nmap NSE Library.


Script Overview


Script source code: https://github.com/nmap/nmap/tree/master/scripts/firewall-bypass.nse
Script categories: vuln, intrusive
Target service / protocol: -
Target network port(s): -
List of CVEs: -

Script Description


The firewall-bypass.nse script detects a vulnerability in netfilter and other firewalls that use helpers to dynamically open ports for protocols such as ftp and sip.

The script works by spoofing a packet from the target server that asks for a related connection to be opened to a target port; the firewall fulfils this request through the corresponding protocol helper port. The attacking machine should be on the same network segment as the firewall for this to work. The script supports the ftp helper on both IPv4 and IPv6. Real path filter is used to prevent such attacks.

Based on work done by Eric Leblond.
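To check the mitigation named in the description on a Linux firewall, the following added example (not part of the script and not written by its authors) reports interfaces whose effective IPv4 path filter is not strict. It assumes the filter the description refers to is the kernel's rp_filter sysctl; the function names and the optional directory argument are illustrative.

```shell
#!/bin/sh
# Added example, not from firewall-bypass.nse.
# Assumption: the path filter in the description is Linux's rp_filter sysctl
# (0 = no source validation, 1 = strict, 2 = loose).

# Print "<iface> <effective value>" for each interface.
# The kernel applies max(conf/all/rp_filter, conf/<iface>/rp_filter).
# $1 is an optional (illustrative) config root, so a sample tree can be audited.
rp_filter_report() {
    root=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, "lo" is loopback: not real ingress.
        case $iface in all|default|lo) continue ;; esac
        val=$(cat "$dir/rp_filter" 2>/dev/null) || continue
        [ "$all" -gt "$val" ] && val=$all
        echo "$iface $val"
    done
}

# Return 0 when every interface is in strict mode, 1 otherwise,
# listing each interface that is not.
rp_filter_audit() {
    bad=$(rp_filter_report "$1" | awk '$2 != 1 { print $1 "=" $2 }')
    if [ -n "$bad" ]; then
        echo "rp_filter not strict on:" $bad
        return 1
    fi
    echo "rp_filter strict on all interfaces"
}
```

Source the file on the firewall host and call rp_filter_audit with no argument to read the live settings. The sysctl covers IPv4 only; there is no IPv6 rp_filter sysctl, so IPv6 source validation has to be checked in the firewall ruleset itself.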


Firewall-bypass NSE Script Arguments


This is a full list of arguments supported by the firewall-bypass.nse script:

firewall-bypass.helper

The helper to use. Defaults to ftp. Supported helpers: ftp (Both IPv4 and IPv6).

firewall-bypass.helperport

The helper port to use, if not using the helper's default port.

firewall-bypass.targetport

Port to test vulnerability on. Target port should be a non-open port. If not given, the script will try to find a filtered or closed port from the port scan results.

To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:

nmap --script=firewall-bypass --script-args firewall-bypass.helper=value,firewall-bypass.helperport=value <target>

Firewall-bypass NSE Script Example Usage


Here are examples of how to use the firewall-bypass.nse script:

nmap --script firewall-bypass <target>

nmap --script firewall-bypass --script-args firewall-bypass.helper="ftp",firewall-bypass.targetport=22 <target>

Firewall-bypass NSE Script Example Output


Here's a sample output from the firewall-bypass.nse script:

Host script results:
| firewall-bypass:
|_  Firewall vulnerable to bypass through ftp helper. (IPv4)

Firewall-bypass NSE Script Example XML Output


There is no sample XML output for this module. However, if you provide the -oX <file> option, Nmap will produce XML output and save it in the specified file.

Author


  • Hani Benhabiles


Error Messages

The firewall-bypass.nse script may fail with the following error messages. The code snippets below, taken from the script source code, show where each message is produced and can often help in identifying the root cause of the problem.

Unable to connect to %s helper port.


Here is a relevant code snippet related to the "Unable to connect to %s helper port." error message:

    local testsock = nmap.new_socket()
    testsock:set_timeout(1000)
    local status, _ = testsock:connect(host.ip, helperport)
    testsock:close()
    if not status then
      stdnse.debug1("Unable to connect to %s helper port.", helperport)
      return false
    end
    return true
  end,

Problem connecting to helper port %s.


Here is a relevant code snippet related to the "Problem connecting to helper port %s." error message:

    local socket = nmap.new_socket()
    socket:set_timeout(3000)
    local status, _ = socket:connect(host.ip, helperport)
    if not status then
      -- Problem connecting to helper port
      stdnse.debug1("Problem connecting to helper port %s.", tostring(helperport))
      return
    end

    -- wait packet spoofing thread to finish
    stdnse.sleep(1.5)

Version


This page has been created based on Nmap version 7.92.
