Initial submission of CoAP-related code to the Nmap project. #369

Closed
wants to merge 9 commits into
from

Projects

None yet

2 participants

@mogigoma

I am submitting a new port definition, service probe, discovery script, and protocol library for CoAP, an Internet of Things HTML-like protocol. CoAP is standardized and has many implementations and public test servers. Along with MQTT, it appears to be one of the most popular protocols in its domain.

I corrected what appeared to be an error in the unittest library's own unit tests. I have also included a new test method unittest.identical which is useful for performing deep comparisons of arbitrary Lua objects. This method tests the existence, type, length, and value of all objects recursively. Its existence allows the unit testing of the packet building and parsing features, many of which return nested tables.

Since this protocol has many features which I found difficult to get just right, the library is very hierarchical, structured as sort of a tree where the leaves are usually build() or parse() functions. Points of complexity that could certainly use review are:

  • COAP.header.options.build()
  • COAP.header.options.delta_length.build()
  • COAP.header.options.delta_length.parse()
  • COAP.payload.application_link_format.parse()

The following command lines can be used to test multiple public test servers:

  • nmap -p U:5683 -sU --script coap-resources coap.me
  • nmap -p U:5683 -sU --script coap-resources californium.eclipse.org

The script output is a bit strange, having blank lines everywhere. I have not been able to correct this, and have also failed to get the example code in stdnse.format_output() working as documented. Unsure if this is my failure or the library's, but assuming it's my fault for now.

If you have any questions or guidance, I will do my best to respond promptly.

@mogigoma
mogigoma commented Jun 1, 2016

It's been a while, wondering if there's anything that's needed from me that would help move this along?

@mogigoma
mogigoma commented Sep 8, 2016

Fixed the assert failures against the list of test IPs. Additional issues remain which should probably be addressed for wider compatibility, the most common being Server responded with 'get' code where 'content' was expected.

@dmiller-nmap

Does this script really work on port 5684 (coaps)? I would think it doesn't since Nmap doesn't support DTLS currently. This is the last bit of info I need before I commit.

@mogigoma
mogigoma commented Sep 8, 2016

No, it won't support it as-is. I tried to put things in place so that if DTLS support gets added it would start working. Port numbers and such. Feel free to remove if that's jumping the gun.

@dmiller-nmap

Merged in 0790885

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment