o [NSE] Added the script http-vlcstreamer-ls which queries the VLC Streamer

helper service for a list of files in a given directory. [Patrik Karlsson]

CHANGELOG

@@ -1,7 +1,10 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
-o [NSE] Added script targets-ipv6-mld that sends a malformed ICMP6 MLD Query
-  to discover IPv6 enabled hosts on the LAN. [Niteesh Kumar]
+o [NSE] Added the script http-vlcstreamer-ls which queries the VLC Streamer
+  helper service for a list of files in a given directory. [Patrik Karlsson]
+
+o [NSE] Added the script targets-ipv6-mld that sends a malformed ICMP6 MLD
+  Query to discover IPv6 enabled hosts on the LAN. [Niteesh Kumar]
 
 o [NSE] Added script http-virustotal that allows checking files, or hashes
   of previously scanned files, against the major antivirus engines. [Patrik

scripts/http-vlcstreamer-ls.nse

@@ -0,0 +1,83 @@
+description = [[
+Connects to the VLC Streamer helper service and lists directory contents. The
+VLC Streamer helper service is used by the iOS VLC Streamer application to
+enable streaming of multimedia content from the remote server to the device.
+]]
+
+---
+-- @usage
+-- nmap -p 54340 --script http-vlcstreamer-ls <ip>
+--
+-- @output
+-- PORT      STATE SERVICE
+-- 54340/tcp open  unknown
+-- | http-vlcstreamer-ls: 
+-- |   /Applications
+-- |   /Developer
+-- |   /Library
+-- |   /Network
+-- |   /Pictures
+-- |   /System
+-- |   /User Guides And Information
+-- |   /Users
+-- |   /Volumes
+-- |   /bin
+-- |   /bundles
+-- |   /cores
+-- |   /dev
+-- |   /etc
+-- |   /home
+-- |   /mach_kernel
+-- |   /net
+-- |   /opt
+-- |   /private
+-- |   /sbin
+-- |   /tmp
+-- |   /usr
+-- |_  /var
+--
+-- @args http-vlcstreamer-ls.dir directory to list (default: /)
+--
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+local http		= require('http')
+local json		= require('json')
+local shortport = require('shortport')
+
+portrule = shortport.port_or_service(54340, "vlcstreamer", "tcp")
+
+local arg_dir = stdnse.get_script_args(SCRIPT_NAME .. ".dir") or "/"
+
+local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+
+action = function(host, port)
+	
+	local response = http.get(host, port, ("/secure?command=browse&dir=%s"):format(arg_dir))
+
+	if ( response.status ~= 200 or not(response.body) or 0 == #response.body ) then
+		if ( response.status == 401 ) then
+			return fail("Server requires authentication")
+		else
+			return
+		end
+	end
+
+	local status, parsed = json.parse(response.body)
+	if ( not(status) ) then
+		return fail("Failed to parse response")
+	end
+	
+	if ( parsed.errorMessage ) then
+		return fail(parsed.errorMessage)
+	end
+	
+	local output = {}
+	for _, entry in pairs(parsed.files or {}) do
+		table.insert(output,entry.path)
+	end
+	table.sort(output, function(a,b) return a<b end)
+	return stdnse.format_output(true, output)
+end

scripts/script.db

@@ -150,6 +150,7 @@ Entry { filename = "http-unsafe-output-escaping.nse", categories = { "discovery"
 Entry { filename = "http-userdir-enum.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "http-vhosts.nse", categories = { "discovery", "intrusive", } }
 Entry { filename = "http-virustotal.nse", categories = { "external", "malware", "safe", } }
+Entry { filename = "http-vlcstreamer-ls.nse", categories = { "discovery", "safe", } }
 Entry { filename = "http-vmware-path-vuln.nse", categories = { "safe", "vuln", } }
 Entry { filename = "http-vuln-cve2009-3960.nse", categories = { "exploit", "intrusive", } }
 Entry { filename = "http-vuln-cve2010-2861.nse", categories = { "intrusive", "vuln", } }