Tor consensus nse parser

Nmap 21:44, 2012.04.10

Today I quickly translated a Python script I had floating around into a more useful NSE script.

It pulls the consensus data from one of the 9 Tor directory servers (documentation here) and runs a regular expression to extract the IP addresses of the nodes until it finds a matching one.

nmap -p0 -dd -Pn --datadir=. --script=tor-consensus-checker 86.59.11.2
...
NSE: Starting 'tor-consensus-checker' (thread: 0x9a87568) against 86.59.11.2.
Initiating NSE at 23:36
NSE: checking if 86.59.11.2 is a tor relay
NSE: Final http cache size (674972 bytes) of max size of 1000000
NSE: consensus retrieved from 128.31.0.39
NSE: Finished 'tor-consensus-checker' (thread: 0x9a87568) against 86.59.11.2.
PORT  STATE  SERVICE REASON
0/tcp closed unknown conn-refused

Host script results:
| tor-consensus-checker: 
|_  86.59.11.2 is a tor node

Nmap done: 1 IP address (1 host up) scanned in 1.42 seconds

The script can currently be found in my GitHub repository of Nmap scripts.
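As an added illustration, not the NSE script from the repository, the same lookup in Python over a constructed consensus excerpt: each relay's `r` line carries its IP and ports and the `s` line that follows carries its flags, so the check goes one step beyond the script and also reports whether a matched address is an exit. The nicknames, digests and addresses in the sample are made up; the line layout follows the Tor directory specification.

```python
import ipaddress
import re

# Constructed excerpt in the layout of a Tor network-status consensus: per relay one
# "r <nickname> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>" line, then an "s" flags line.
SAMPLE_CONSENSUS = """\
network-status-version 3
vote-status consensus
r exampleA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2012-04-10 20:00:00 198.51.100.10 9001 9030
s Exit Fast Running Stable Valid
r exampleB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2012-04-10 20:05:00 203.0.113.7 443 0
s Fast Guard Running Valid
"""

R_LINE = re.compile(
    r"^r (\S+) (\S+) (\S+) (\d{4}-\d\d-\d\d) (\d\d:\d\d:\d\d) (\d{1,3}(?:\.\d{1,3}){3}) (\d+) (\d+)$"
)

def parse_relays(consensus):
    # One record per "r" line; the flags of the "s" line that follows are attached to that record
    relays, current = [], None
    for line in consensus.splitlines():
        m = R_LINE.match(line)
        if m:
            current = {"nick": m.group(1), "ip": m.group(6),
                       "orport": int(m.group(7)), "dirport": int(m.group(8)), "flags": set()}
            relays.append(current)
        elif line.startswith("s ") and current is not None:
            current["flags"] = set(line[2:].split())
    return relays

def is_tor_relay(consensus, address):
    # Exact address match, as the NSE script does; returns the relay record or None
    ip = str(ipaddress.ip_address(address))   # rejects malformed input before the comparison
    for relay in parse_relays(consensus):
        if relay["ip"] == ip:
            return relay
    return None
```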


EAP authentication scan

Nmap 21:07, 2012.03.01

I've been working on an NSE script which enumerates the authentication methods available on an EAP authenticator, especially useful when methods that support two-step authentication with an anonymous identity in the first step are offered.

The principle is straightforward: for a group of auth methods of interest, the script follows the EAP handshake sequence multiple times, keeping track of the methods offered:

  1. send an EAP start packet to the broadcast MAC address 01:80:c2:00:00:03
  2. respond to the identity request issued by the AP
  3. parse the auth request to find the auth method offered, then respond with a NAK packet that requests another method
  4. if an auth request is received go to 5; if a failure packet is received instead go to 6
  5. respond with another NAK requesting another auth method, then go back to 4
  6. the auth method is not available; restart from step 1 unless every protocol of interest has already been tested.

A simple session is given below (relying on my memory; I hope I remember everything correctly):

EAP start
-- -- -- --
01 01 00 00

EAP identity request
-- -- -- -- -- -- -- -- -- -- -- -- -- -- 
01 00 00 0A 01 EF 00 0A 01 68 65 6C 6C 6F

EAP identity response
-- -- -- -- -- -- -- -- -- -- -- -- --  
01 00 00 09 02 EF 00 09 01 75 75 65 72 

EAP PEAP authentication request
-- -- -- -- -- -- -- -- --  
01 00 LL LL 01 CD LL LL 19  ... more stuff (LL = length)

EAP NAK response, TTLS requested
-- -- -- -- -- -- -- -- -- --
01 00 00 05 02 CD 00 05 03 15
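The six steps and the session above, as an added Python example that is not the NSE script: an EAPOL/EAP frame parser, a frame builder, the enumeration loop, and a constructed stand-in for the authenticator (`FakeAuthenticator`, which offers PEAP and accepts a NAK for EAP-TTLS) so the loop can be run offline; the type numbers are the IANA EAP method types (13 = EAP-TLS, 21 = EAP-TTLS, 25 = PEAP, 26 = EAP-MSCHAP-V2). Length fields are computed from the payload, so a one-method NAK comes out as 6 bytes, since per RFC 3748 the EAP length counts the header, Type and Type-Data.

```python
import itertools, struct

EAP_REQUEST, EAP_RESPONSE, EAP_FAILURE, TYPE_IDENTITY, TYPE_NAK = 1, 2, 4, 1, 3   # RFC 3748 codes / types

def parse_eapol(raw):
    # EAPOL header: version, packet type (0 = EAP-Packet, 1 = EAPOL-Start), body length
    _, ptype, length = struct.unpack("!BBH", raw[:4])
    body = raw[4:]
    if len(body) != length:
        raise ValueError("EAPOL body is %d bytes, header says %d" % (len(body), length))
    if ptype != 0:
        return ptype, None
    # EAP header: code, identifier, length (counts the header itself); Request/Response add a Type octet
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len != length:
        raise ValueError("EAP length %d does not match EAPOL length %d" % (eap_len, length))
    etype = body[4] if code in (EAP_REQUEST, EAP_RESPONSE) and eap_len > 4 else None
    return ptype, {"code": code, "id": ident, "type": etype, "data": body[5:]}

def eap_frame(code, ident, etype=None, data=b""):
    # EAPOL EAP-Packet around one EAP packet; Success/Failure carry no Type, so a one-method Nak is 6 bytes
    eap = struct.pack("!BBH", code, ident, 4 + (etype is not None) + len(data))
    eap += b"" if etype is None else bytes([etype]) + data
    return struct.pack("!BBH", 1, 0, len(eap)) + eap

def enumerate_methods(exchange, wanted, identity=b"anonymous", max_rounds=8):
    # Steps 1-6 of the post; exchange(frame) hands a frame to the authenticator and returns its reply
    found = {}
    for target in wanted:
        _, req = parse_eapol(exchange(struct.pack("!BBH", 1, 1, 0)))                            # 1: EAPOL-Start
        _, req = parse_eapol(exchange(eap_frame(EAP_RESPONSE, req["id"], TYPE_IDENTITY, identity)))  # 2
        for _ in range(max_rounds):                     # 4: a Request for target or a Failure ends the round
            if req["code"] != EAP_REQUEST or req["type"] == target:
                break
            found[req["type"]] = True                   # 3: another method was offered on the way
            _, req = parse_eapol(exchange(eap_frame(EAP_RESPONSE, req["id"], TYPE_NAK, bytes([target]))))  # 5
        found[target] = req["code"] == EAP_REQUEST and req["type"] == target   # 6: Failure means not offered
    return found

class FakeAuthenticator:
    # Constructed stand-in for hostapd: offers PEAP (25) first, honours a Nak for EAP-TTLS (21), else fails
    def __init__(self, offered=(25, 21)):
        self.offered, self.ids = offered, itertools.count(0x10)
    def __call__(self, frame):
        ptype, eap = parse_eapol(frame)
        if ptype == 1:                                  # EAPOL-Start -> Identity Request
            return eap_frame(EAP_REQUEST, next(self.ids), TYPE_IDENTITY, b"hello")
        want = self.offered[0] if eap["type"] == TYPE_IDENTITY else eap["data"][0]
        code = EAP_REQUEST if want in self.offered else EAP_FAILURE
        return eap_frame(code, next(self.ids), want if code == EAP_REQUEST else None)
```

Feeding the identity request dump from the session into `parse_eapol` yields the fields shown there, while the NAK dump as written is rejected because its length fields say 5 for a 6-byte packet.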

The script currently enumerates the auth methods successfully when tested against hostapd v0.6.10; it's on my GitHub as well as in the Nmap main trunk.

nmap -e eth2 -sn --script=eap-info --datadir=. localhost
Pre-scan script results:
| eap-info:
| Available authentication methods with identity="anonymous":
|   true     PEAP
|   true     EAP-TTLS
|   false    EAP-TLS
|_  false    EAP-MSCHAP-V2

Japanese learning tool with HTML5 interface

Web 16:34, 2011.06.20

I always find useful those language learning tools that aim to train a single specific skill among those needed to master a foreign language (one tool, one task). I was looking for something that could help me build some knowledge of daily sentences, both in meaning and in pronunciation, showing kanji while also providing them as kana. As I did with playkanji.com, I decided to build a user interface in JavaScript to fulfil the need: teacher.playkanji.com.

Japanese suits software development very well, since it isn't really necessary to have your program translate a sentence (very hard) in order to help the user with additional info. Chasen provides some help in parsing sentence structure, while Edict is the most famous digital Japanese dictionary.

My web application is really HTML5 dependent: it makes use of some local storage functions as well as audio tags. You are supposed to read and listen to the sentence by clicking on the play ♪ button; then, if necessary, some info (meaning and pronunciation) on the displayed kanji is provided by clicking on kanji help (help 漢字). While you type your translation in the grey box it is parsed and evaluated in real time. It is compared to the reference translation, and matching words are highlighted in blue. For those interested in the internals, I'm using the Levenshtein distance (http://en.wikipedia.org/wiki/Levenshtein_distance) to highlight your words in a blue shade that gets darker as they get closer to the correct word. One limitation of my batch of data is that the dictionary references you will find by clicking on help won't exactly match the reference translation, since fixing that would require a large amount of manual work. Consider them a hint and help yourself with some synonyms while messing with the Levenshtein output.
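As an added example, not the app's own JavaScript: the per-word matching described above in Python, scoring each typed word against the closest reference word and mapping the similarity to a shade level (0 = no match, 4 = exact). The four-level scale and the lowercase, whitespace-split tokenisation are my assumptions.

```python
def levenshtein(a, b):
    # Classic two-row dynamic programme: minimum single-character edits turning a into b
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def highlight(typed, reference, levels=4):
    # Returns (word, shade) per typed word; shade grows with closeness to the best reference word
    ref_words = reference.lower().split()
    out = []
    for word in typed.lower().split():
        # similarity in [0, 1]: 1 - distance / length of the longer word
        best = max((1 - levenshtein(word, r) / max(len(word), len(r)) for r in ref_words), default=0)
        out.append((word, round(best * levels)))
    return out
```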

HTML5 local storage capabilities let me save the study history within your browser, so there's no need for a login, password and so on: just fire up teacher.playkanji.com and enjoy. Clicking "clear this result" and "clear all history" in the upper right of the page resets the current result and the whole history respectively.

Drop me a line if you spot a bug or a bad translation; the app has not been tested thoroughly and I'm still drilling through sentences. It currently supports only Firefox and Chrome; don't even bother trying on IE. Opera and Safari are untested.