Nmap for IOS? No, IOSMap

The Tcl shell can be used to run Cisco IOS CLI EXEC commands within a Tcl script. Using the Tcl shell to run CLI commands allows customers to build menus to guide novice users through tasks, to automate repetitive tasks, and to create custom output for show commands.

Not everyone knows that it is possible to implement a port scanning tool, like a light Nmap, this way. Surfing the web, I found a tool named IOSMap, a Cisco port scanning tool.

You do not need to know Tcl to use this script; the only thing you need to know is how to execute a Tcl script.

To use the IOSMap script:

Step #1: Download the script http://sourceforge.net/…/IOSmap%201.1/iosmap1.1.zip/download

Step #2: Copy it into the folder of your TFTP/FTP/HTTP… server, as you prefer

Step #3: Launch the script. All IOSmap parameters are defined at the command line. The help text for IOSmap shows all the scan options available:

Ciscozine#tclsh tftp://192.168.1.11/IOSmap.tcl help
Loading IOSmap.tcl from 192.168.1.11 (via FastEthernet0/0.2): !
[OK - 15912 bytes]

Loading services.list from 192.168.1.11 (via FastEthernet0/0.2): !
[OK - 42121 bytes]

Starting IOSmap 0.9 ( http://www.defaultroute.ca ) at 2012-02-07 14:02 Rome

Invalid IP address specified ==> help
================================================================
IOScan 0.1
  Usage: IOScan
HOST DISCOVERY:
  -P0/PN  Treat all hosts as online - skip Ping test
  -SL  List hosts and ports to scan
SCAN TYPE:
  -sP  Ping scan only
  -sT  TCP Connect Scan
  -sU  UDP Scan
  --reason:  display the reason a port state is reported as such
PORT SPECIFICATION:
  -p  Specify ports to scan.
     -p22  Scan port 22
     -p22,23,135-139,445  Scan ports 22, 23, 135, 136, 137, 138, 139, 445
TARGET SPECIFICATION:
  CIDR, IP range and single IPs are all a supported - comma delimited
  For example:
    192.168.10.0/24,192.168.17.21-34,192.168.40.1

Ciscozine#

Some examples:

Example #1: Check the TCP ports (135-139, 443, 445) on the 192.168.1.10 host

Ciscozine#tclsh tftp://192.168.1.11/IOSmap.tcl -sT -p135-139,443,445 192.168.1.10
Loading IOSmap.tcl from 192.168.1.11 (via FastEthernet0/0.2): !
[OK - 15912 bytes]

Loading services.list from 192.168.1.11 (via FastEthernet0/0.2): !
[OK - 42121 bytes]

Starting IOSmap 0.9 ( http://www.defaultroute.ca ) at 2012-02-07 13:24 Rome

Free Memory on Platform = 80289968  / Memory required for this scan = 2579282

Interesting ports on host 192.168.1.10
PORT     STATE      SERVICE
135/tcp   open       msrpc
136/tcp   closed     profile
137/tcp   closed     netbios-ns
138/tcp   closed     netbios-dgm
139/tcp   open       netbios-ssn
443/tcp   closed     https
445/tcp   open       microsoft-ds

Ciscozine#

Example #2: Check if the hosts (192.168.1.0/29, 192.168.255.0/30) are up

Ciscozine#tclsh tftp://192.168.1.11/IOSmap.tcl -sP 192.168.1.0/29,192.168.255.0/30
Loading IOSmap.tcl from 192.168.1.11 (via FastEthernet0/0.2): !
[OK - 15912 bytes]

Starting IOSmap 0.9 ( http://www.defaultroute.ca ) at 2012-02-07 13:25 Rome

Free Memory on Platform = 81737004  / Memory required for this scan = 3362393

Host 192.168.1.1 is up
Host 192.168.1.2 is down
Host 192.168.1.3 is up
Host 192.168.1.4 is up
Host 192.168.1.5 is down
Host 192.168.1.6 is down
Host 192.168.255.1 is up
Host 192.168.255.2 is down

Ciscozine#

Example #3: Check the TCP ports 1-60000 on the 192.168.1.10 host. This is a good example of how the script advises you when the memory required is more than the free memory

Ciscozine#tclsh tftp://192.168.1.11/IOSmap.tcl -sT -p1-60000 192.168.1.10
Loading IOSmap.tcl from 192.168.1.11 (via FastEthernet0/0.2): !
[OK - 15912 bytes]

Loading services.list from 192.168.1.11 (via FastEthernet0/0.2): !
[OK - 42121 bytes]

Starting IOSmap 0.9 ( http://www.defaultroute.ca ) at 2012-02-07 13:26 Rome

Free Memory on Platform = 76021848  / Memory required for this scan = 95208474

The resources estimated for your scan will exceed 75%
of your available memory total of 95208474
Execution cannot proceed without impacting primary device functions

Ciscozine#
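To audit what a scan found, the output can be captured from the terminal session and compared with an approved-port baseline. The following Python sketch is an added example, not part of IOSmap or the original post; it parses the two output formats shown in Examples #1 and #2, and the sample text and the baseline are constructed for illustration.

```python
import re

# Constructed sample: IOSmap output in the format shown in Examples #1 and #2.
SAMPLE = """\
Interesting ports on host 192.168.1.10
PORT     STATE      SERVICE
135/tcp   open       msrpc
136/tcp   closed     profile
139/tcp   open       netbios-ssn
443/tcp   closed     https
445/tcp   open       microsoft-ds

Host 192.168.1.1 is up
Host 192.168.1.2 is down
"""

HOST_HDR = re.compile(r"^Interesting ports on host (\S+)\s*$")
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")
PING_ROW = re.compile(r"^Host (\S+) is (up|down)\s*$")

def parse_iosmap(text):
    """Return (ports, hosts): ports is a list of dicts, hosts maps IP -> up/down."""
    ports, hosts, current = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HOST_HDR.match(line):
            current = m.group(1)          # following port rows belong to this host
        elif (m := PORT_ROW.match(line)) and current:
            ports.append({"host": current, "port": int(m.group(1)),
                          "proto": m.group(2), "state": m.group(3),
                          "service": m.group(4)})
        elif m := PING_ROW.match(line):
            hosts[m.group(1)] = m.group(2)
    return ports, hosts

def unexpected_open(ports, allowed):
    """Open ports missing from the baseline {host: {(port, proto), ...}}."""
    return [(p["host"], p["port"], p["proto"], p["service"])
            for p in ports
            if p["state"] == "open"
            and (p["port"], p["proto"]) not in allowed.get(p["host"], set())]

if __name__ == "__main__":
    # Hypothetical baseline: only 445/tcp is approved on this host.
    baseline = {"192.168.1.10": {(445, "tcp")}}
    ports, hosts = parse_iosmap(SAMPLE)
    for finding in unexpected_open(ports, baseline):
        print("unexpected open port:", finding)
    print("hosts down:", [h for h, s in hosts.items() if s == "down"])
```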

Remember: Because routers are such critical devices, when adding new functions it is always important to gauge the impact of these new functions on the routers' performance in delivering their core functions. In particular, memory usage and CPU utilization are the two most important factors, and both are easily measured. The memory usage of port scanning using Tcl was especially interesting.
