Nmap Script to detect and extract arweave node information

niamtokik/arweave_nse

Arweave Nmap Script Engine

A way to get more information about Arweave nodes using nmap. This script is a work in progress but can already return interesting values.

Usage

One can try it on the mainnet servers hardcoded in the Arweave source code:

Identify Mode

This mode only returns basic information on the target.

# default scan, using identify mode
nmap -p 1984 --script=arweave.nse 206.189.70.139

# forced scan with identify mode
nmap -p 1984 --script=+arweave.nse 206.189.70.139
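
To show what an identify-style check involves, here is a minimal NSE script added as an example; it is not the code of arweave.nse. It assumes the node serves a JSON document at `/info` with the field names listed in `FIELDS` (assumptions about the Arweave HTTP API, not taken from this README), and it is useful for inventorying which hosts expose a node API.

```lua
-- Added example (not the arweave.nse source): identify-style probe.
local http = require "http"
local json = require "json"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Example only: requests /info from a suspected Arweave node and reports
a few fields when the response looks like an Arweave info document.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- 1984/tcp is the port used in the README's usage lines.
portrule = shortport.portnumber(1984, "tcp")

-- Assumption: field names of the node's /info JSON document.
local FIELDS = {"network", "version", "release", "height", "peers"}

-- Returns an ordered table of selected fields, or nil when the body is
-- not an Arweave-looking /info document.
local function parse_info(body)
  if type(body) ~= "string" or body == "" then return nil end
  local ok, doc = json.parse(body)
  if not ok or type(doc) ~= "table" then return nil end
  -- Require a network tag starting with "arweave." so that unrelated
  -- JSON services listening on the same port are not reported.
  if type(doc.network) ~= "string" or not doc.network:match("^arweave%.") then
    return nil
  end
  local out = stdnse.output_table()
  for _, key in ipairs(FIELDS) do
    local v = doc[key]
    if type(v) == "string" or type(v) == "number" then
      out[key] = v
    end
  end
  return out
end

action = function(host, port)
  local resp = http.get(host, port, "/info")
  if not resp or resp.status ~= 200 then return nil end
  return parse_info(resp.body)
end
```

Saved under a hypothetical name such as `arweave-info-example.nse`, it is loaded with `--script=./arweave-info-example.nse` in place of `--script=arweave.nse`.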

Fingerprint Mode

This mode is an advanced identify mode, returning more information and checking all default end-points.

# fingerprint mode
nmap -p 1984 --script=arweave.nse --script-args="arweave.mode=fingerprint" 206.189.70.139

(WIP) Fuzzing Mode

This mode creates random data for each end-point automatically and checks the result.

# fuzzing mode
nmap -p 1984 --script=arweave.nse --script-args="arweave.mode=fuzzing" 206.189.70.139

(WIP) Inject mode

This mode is mainly used to inject crafted data.

# inject mode
nmap -p 1984 --script=arweave.nse --script-args="arweave.mode=inject" 206.189.70.139

(WIP) File mode

This mode lists files available on the target.

TODO

  • HTTP GET method support without parameters
  • HTTP HEAD method
  • HTTP GET method with path parameters
  • HTTP POST method with path parameters and configured body
  • HTTP PUT method with path parameters and configured body
  • HTTP OPTIONS method (not supported by default nmap library)
  • Randomized Scanner end-points
  • Add argument support:
    • arweave.http_header_content_type="application/json"
    • arweave.randomize=true: randomize path scan
    • arweave.mode=identify: default scan
    • arweave.mode=fingerprint:
    • arweave.mode=fuzzing:
    • arweave.mode=inject:
    • arweave.scan_only=api_id: scan only one path (bypass scan mode)
    • arweave.scan_filter=.*: filter scanned paths (bypass scan mode)
    • arweave.http_header_authentication: add bearer support
  • Custom options for api
    • arweave.get_price_size.size
    • arweave.get_price_size_target.size
    • arweave.get_wallet_balance.address
    • arweave.get_wallet_last_tx.address
    • arweave.get_block_height.height
    • arweave.get_block_hash.hash
    • arweave.get_tx.tx_id
    • arweave.get_tx_offset.tx_id
    • arweave.get_tx_state.tx_id
    • arweave.get_chunks.offset
    • arweave.post_admin_queue_tx.body
    • arweave.put_admin_block_data.body
    • arweave.get_farcaster_frame_tx.tx_id
    • arweave.post_farcaster_frame_tx.tx_id
    • arweave.post_block2.body
    • arweave.post_block_announcement.body
    • arweave.post_block.body
    • arweave.post_coordinated_mining_h1.body
    • arweave.post_coordinated_mining_h2.body
    • arweave.post_height.body
    • arweave.post_partial_solution.body
    • arweave.post_peers.body
    • arweave.post_tx.body
    • arweave.post_tx2.body
    • arweave.post_unsigned_tx.body
    • arweave.post_vdf.body
    • arweave.post_wallet.body
  • Fuzzer:
    • Simple ETF parser
    • Simple ETF serializer
    • Automatic code injection
  • Other features to add:
    • CORS headers check
    • Comments/details regarding a port
    • custom state for each end-point
    • Version fingerprinting (e.g. add score in each end-point, seen on each version...)
    • external service notification support
    • add risks evaluation on each end-point
    • include default bearer/api_secret in the API

References and resources

AR.IO Network+Token White Paper

AR.IO documentation

AR.IO admin API
