A way to get more information about Arweave nodes using nmap. This script is a work in progress but can already return interesting values.
One can try it on the mainnet servers hardcoded in the Arweave source code:
- sfo-1.na-west-1.arweave.net (206.189.70.139)
- ams-1.eu-central-1.arweave.net (178.62.222.154)
- fra-1.eu-central-2.arweave.net (157.230.102.219)
- blr-1.ap-central-1.arweave.net (139.59.19.218)
- sgp-1.ap-central-2.arweave.net (178.128.89.236)
This mode only returns basic information on the target.
# default scan, using identify mode
nmap -p 1984 --script=arweave.nse 206.189.70.139
# forced scan with identify mode
nmap -p 1984 --script=+arweave.nse 206.189.70.139
This mode is an advanced identify mode, returning more information and checking all default end-points.
# fingerprint mode
nmap -p 1984 --script=arweave.nse --script-args="arweave.mode=fingerprint" 206.189.70.139
This mode automatically creates random data for each end-point and checks the result.
# fuzzing mode
nmap -p 1984 --script=arweave.nse --script-args="arweave.mode=fuzzing" 206.189.70.139
This mode is mainly used to inject crafted data.
# inject mode
nmap -p 1984 --script=arweave.nse --script-args="arweave.mode=inject" 206.189.70.139
This mode lists files available on the target.
- HTTP GET method support without parameters
- HTTP HEAD method
- HTTP GET method with path parameters
- HTTP POST method with path parameters and configured body
- HTTP PUT method with path parameters and configured body
- HTTP OPTIONS method (not supported by default nmap library)
- Randomized Scanner end-points
- Add arguments supports:
  - arweave.http_header_content_type="application/json"
  - arweave.randomize=true: randomize path scan
  - arweave.mode=identify: default scan
  - arweave.mode=fingerprint
  - arweave.mode=fuzzing
  - arweave.mode=inject
  - arweave.scan_only=api_id: scan only one path (bypass scan mode)
  - arweave.scan_filter=.*: filter scanned paths (bypass scan mode)
  - arweave.http_header_authentication: add bearer support
- Custom options for api
  - arweave.get_price_size.size
  - arweave.get_price_size_target.size
  - arweave.get_wallet_balance.address
  - arweave.get_wallet_last_tx.address
  - arweave.get_block_height.height
  - arweave.get_block_hash.hash
  - arweave.get_tx.tx_id
  - arweave.get_tx_offset.tx_id
  - arweave.get_tx_state.tx_id
  - arweave.get_chunks.offset
  - arweave.post_admin_queue_tx.body
  - arweave.put_admin_block_data.body
  - arweave.get_farcaster_frame_tx.tx_id
  - arweave.post_farcaster_frame_tx.tx_id
  - arweave.post_block2.body
  - arweave.post_block_announcement.body
  - arweave.post_block.body
  - arweave.post_coordinated_mining_h1.body
  - arweave.post_coordinated_mining_h2.body
  - arweave.post_height.body
  - arweave.post_partial_solution.body
  - arweave.post_peers.body
  - arweave.post_tx.body
  - arweave.post_tx2.body
  - arweave.post_unsigned_tx.body
  - arweave.post_vdf.body
  - arweave.post_wallet.body
- Fuzzer:
  - Simple ETF parser
  - Simple ETF serializer
  - Automatic code injection
- Other features to add:
  - CORS headers check
  - Comments/details regarding a port
  - Custom state for each end-point
  - Version fingerprinting (e.g. add score in each end-point, seen on each version...)
  - External service notification support
  - Add risks evaluation on each end-point
  - Includes default bearer/api_secret in the API