More time sources for clock-skew; XML output for bitcoin-info.

2025-12-24 08:29:04 +00:00 · 2018-03-02 04:54:43 +00:00
parent 7a9bd8e6ab
commit 0afa72718b
6 changed files with 34 additions and 8 deletions
--- a/scripts/bitcoin-info.nse
+++ b/scripts/bitcoin-info.nse
@@ -1,3 +1,5 @@
+local os = require "os"
+local datetime = require "datetime"
 local bitcoin = require "bitcoin"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
@@ -51,18 +53,20 @@ action = function(host, port)
    return fail("Failed to connect to server")
  end

+  local request_time = os.time()
  local status, ver = bcoin:exchVersion()
  if ( not(status) ) then
    return fail("Failed to extract version information")
  end
  bcoin:close()
+  datetime.record_skew(host, ver.timestamp, request_time)

-  local result = {}
-  table.insert(result, ("Timestamp: %s"):format(stdnse.format_timestamp(ver.timestamp)))
-  table.insert(result, ("Network: %s"):format(NETWORK[ver.magic]))
-  table.insert(result, ("Version: %s"):format(ver.ver))
-  table.insert(result, ("Node Id: %s"):format(ver.nodeid))
-  table.insert(result, ("Lastblock: %s"):format(ver.lastblock))
+  local result = stdnse.output_table()
+  result["Timestamp"] = stdnse.format_timestamp(ver.timestamp)
+  result["Network"] = NETWORK[ver.magic]
+  result["Version"] = ver.ver
+  result["Node Id"] = ver.nodeid
+  result["Lastblock"] = ver.lastblock

-  return stdnse.format_output(true, result)
+  return result
 end
--- a/scripts/clock-skew.nse
+++ b/scripts/clock-skew.nse
@@ -9,15 +9,21 @@ local table = require "table"
 -- portrule scripts do not always run before hostrule scripts, and certainly
 -- not before the hostrule is evaluated.
 dependencies = {
+  "bitcoin-info",
  "http-date",
  "http-ntlm-info",
  "imap-ntlm-info",
+  "memcached-info",
  "ms-sql-ntlm-info",
  "nntp-ntlm-info",
  "ntp-info",
+  "openwebnet-discovery",
  "pop3-ntlm-info",
  "rfc868-time",
+  "smb-os-discovery",
  "smb-security-mode",
+  "smb2-time",
+  "smb2-vuln-uptime",
  "smtp-ntlm-info",
  "ssl-date",
  "telnet-ntlm-info",
--- a/scripts/memcached-info.nse
+++ b/scripts/memcached-info.nse
@@ -1,3 +1,5 @@
+local os = require "os"
+local datetime = require "datetime"
 local nmap = require "nmap"
 local match = require "match"
 local math = require "math"
@@ -20,7 +22,7 @@ server time) from distributed memory object caching system memcached.
 -- | memcached-info:
 -- |   Process ID: 18568
 -- |   Uptime: 6950 seconds
-- |   Server time: Sat Dec 31 14:16:10 2011
+-- |   Server time: 2018-03-02T03:35:09
 -- |   Architecture: 64 bit
 -- |   Used CPU (user): 0.172010
 -- |   Used CPU (system): 0.200012
@@ -149,12 +151,16 @@ action = function(host, port)
    return fail("Failed to connect to server")
  end

+  local request_time = os.time()
  local status, response = client:exchange("stats\r\n")
  if ( not(status) ) then
    return fail(("Failed to send request to server: %s"):format(response))
  end

  local kvs = parseResponse(response, "STAT")
+  if kvs.time then
+    datetime.record_skew(host, kvs.time, request_time)
+  end

  local status, response = client:exchange("stats settings\r\n")
  if ( not(status) ) then
--- a/scripts/smb-os-discovery.nse
+++ b/scripts/smb-os-discovery.nse
@@ -3,6 +3,8 @@ local smb = require "smb"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
+local os = require "os"
+local datetime = require "datetime"

 description = [[
 Attempts to determine the operating system, computer name, domain, workgroup, and current
@@ -146,6 +148,7 @@ end

 action = function(host)
  local response = stdnse.output_table()
+  local request_time = os.time()
  local status, result = smb.get_os(host)

  if(status == false) then
@@ -159,6 +162,7 @@ action = function(host)
  response.server = result.server
  if result.time and result.timezone then
    response.date = stdnse.format_timestamp(result.time, result.timezone * 60 * 60)
+    datetime.record_skew(host, result.time - result.timezone * 60 * 60, request_time)
  end
  response.fqdn = result.fqdn
  response.domain_dns = result.domain_dns
--- a/scripts/smb2-time.nse
+++ b/scripts/smb2-time.nse
@@ -1,3 +1,5 @@
+local os = require "os"
+local datetime = require "datetime"
 local smb = require "smb"
 local stdnse = require "stdnse"
 local smb2 = require "smb2"
@@ -36,6 +38,7 @@ action = function(host,port)
  status = smb2.negotiate_v2(smbstate, overrides)

  if status then
+    datetime.record_skew(host, smbstate.time, os.time())
    stdnse.debug2("SMB2: Date: %s (%s) Start date:%s (%s)",
                        smbstate['date'], smbstate['time'],
            smbstate['start_date'], smbstate['start_time'])
--- a/scripts/smb2-vuln-uptime.nse
+++ b/scripts/smb2-vuln-uptime.nse
@@ -1,3 +1,5 @@
+local os = require "os"
+local datetime = require "datetime"
 local smb = require "smb"
 local vulns = require "vulns"
 local stdnse = require "stdnse"
@@ -114,6 +116,7 @@ local function check_vulns(host, port)
  status = smb2.negotiate_v2(smbstate, overrides)

  if status then
+    datetime.record_skew(host, smbstate.time, os.time())
    stdnse.debug2("SMB2: Date: %s (%s) Start date:%s (%s)",
                        smbstate['date'], smbstate['time'],
            smbstate['start_date'], smbstate['start_time'])