Add 'MAC Address' argument option to dhcp-discover script #1838

Open
plittlefield opened this issue Nov 28, 2019 · 5 comments

@plittlefield plittlefield commented Nov 28, 2019

I am trying to test a DHCP server to see if a specific MAC address receives the correct IP address assignment.

Would it be possible to add a command line argument option to allow a MAC address to be specified?

e.g.

nmap -sU -p 67 --script=dhcp-discover -m '80:ce:62:e4:6e:f5'

Thanks.

Regards,

Paully

@nnposter nnposter self-assigned this Jan 13, 2020

@nnposter nnposter commented Jan 13, 2020

I will take this on. Stay tuned...

@plittlefield plittlefield commented Jan 13, 2020

Great, thanks!

@nnposter nnposter commented Jan 15, 2020

In commit r37878, scripts dhcp-discover and broadcast-dhcp-discover now take a new argument to force a specific MAC address:

nmap -sU -p 67 --script dhcp-discover --script-args dhcp-discover.mac=80:ce:62:e4:6e:f5 ...
nmap -sU -p 67 --script broadcast-dhcp-discover --script-args broadcast-dhcp-discover.mac=80:ce:62:e4:6e:f5 ...

Which of the two scripts to use depends on your specific situation. If the DHCP server is local to the scanner, or you want to follow the current DHCP relay agent path, then broadcast-dhcp-discover is likely a better choice. If you want to target a specific, non-default DHCP server then dhcp-discover might work for you.

You can run both:

nmap -sU -p 67 --script dhcp-discover,broadcast-dhcp-discover --script-args mac=80:ce:62:e4:6e:f5,dhcptype=dhcpdiscover ...

Caveats:

  • Script broadcast-dhcp-discover needs to sniff raw packets so the user must have adequate privileges.
  • Script dhcp-discover will generate the DHCP request packet but it might not be able to see the response, depending on your DHCP setup. You might be able to catch the response with a sniffer.

Example:

$ nmap -n -sU -p67 --script broadcast-dhcp-discover --script-args mac=cafebabec0de
Starting Nmap 7.80SVN ( https://nmap.org ) at 2020-01-14 18:41 MST
Pre-scan script results:
| broadcast-dhcp-discover: 
|   Response 1 of 1: 
|     IP Offered: 192.168.73.132
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: 192.168.73.254
|     IP Address Lease Time: 30m00s
|     Subnet Mask: 255.255.255.0
|     Router: 192.168.73.2
|     Domain Name Server: 192.168.73.2
|     Domain Name: localdomain
|     Broadcast Address: 192.168.73.255
|     NetBIOS Name Server: 192.168.73.2
|     Renewal Time Value: 15m00s
|_    Rebinding Time Value: 26m15s
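
Added example, not part of the thread or of Nmap: one way to turn the output above into the check the issue asks for (does a given MAC get the expected address?), and to flag offers from servers you did not expect. The function names, the expected IP and the trusted-server set are assumptions; the sample text is constructed from the output format shown in the comment above.

```python
import re

# Constructed sample, following the broadcast-dhcp-discover output format above.
SAMPLE = """\
Pre-scan script results:
| broadcast-dhcp-discover:
|   Response 1 of 1:
|     IP Offered: 192.168.73.132
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: 192.168.73.254
|_    Rebinding Time Value: 26m15s
"""

def parse_offers(text):
    """Return one dict of fields per 'Response N of M' block."""
    offers = []
    for line in text.splitlines():
        # Script output lines start with '|' or '|_' followed by 'Key: value'.
        m = re.match(r"^\|_?\s+(.*?):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if re.fullmatch(r"Response \d+ of \d+", key):
            offers.append({})          # start of a new response block
        elif offers:
            offers[-1][key] = value    # field belonging to the current response
    return offers

def check_reservation(text, expected_ip, trusted_servers):
    """Return a list of findings; an empty list means the lease test passed."""
    offers = parse_offers(text)
    if not offers:
        # Matches the caveats above: sniffing needs privileges, and
        # dhcp-discover may not see the reply at all.
        return ["no DHCP response seen (check privileges and relay path)"]
    findings = []
    for offer in offers:
        server = offer.get("Server Identifier", "?")
        offered = offer.get("IP Offered")
        if server not in trusted_servers:
            findings.append(f"offer from unexpected server {server}")
        elif offered != expected_ip:
            findings.append(f"{server} offered {offered}, expected {expected_ip}")
    return findings

if __name__ == "__main__":
    # Assumed reservation: the tested MAC should receive 192.168.73.132.
    print(check_reservation(SAMPLE, "192.168.73.132", {"192.168.73.254"}) or "OK")
```

Feed it the normal (non-XML) output of the broadcast-dhcp-discover run for the MAC under test.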

@plittlefield plittlefield commented Jan 15, 2020

Outstanding work, thank you!

@nnposter nnposter commented Jan 15, 2020

Please test, provide feedback and/or close the issue if satisfied.
