o [NSE] Added a stun library and the scripts stun-version and stun-info, which

extract version information and the external NAT:ed address. [Patrik Karlsson]
2025-12-25 08:59:01 +00:00 · 2012-03-16 11:36:51 +00:00
parent c04148c346
commit 17247c681a
5 changed files with 460 additions and 0 deletions
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -313,6 +313,8 @@ Entry { filename = "ssl-enum-ciphers.nse", categories = { "discovery", "intrusiv
 Entry { filename = "ssl-google-cert-catalog.nse", categories = { "discovery", "external", "safe", } }
 Entry { filename = "ssl-known-key.nse", categories = { "discovery", "safe", "vuln", } }
 Entry { filename = "sslv2.nse", categories = { "default", "safe", } }
+Entry { filename = "stun-info.nse", categories = { "discovery", "safe", } }
+Entry { filename = "stun-version.nse", categories = { "version", } }
 Entry { filename = "stuxnet-detect.nse", categories = { "discovery", "intrusive", } }
 Entry { filename = "svn-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "targets-ipv6-multicast-echo.nse", categories = { "broadcast", "discovery", } }
--- a/scripts/stun-info.nse
+++ b/scripts/stun-info.nse
@@ -0,0 +1,47 @@
+description = [[
+Retrieves the external IP address of a NAT:ed host using the STUN Classic
+protocol.
+]]
+
+---
+-- @usage
+-- nmap -sV -PN -sU -p 3478 --script stun-info <ip>
+--
+-- @output
+-- PORT     STATE         SERVICE
+-- 3478/udp open|filtered stun
+-- | stun-info: 
+-- |_  External IP: 80.216.42.106
+--
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+require 'shortport'
+require 'stun'
+
+portrule = shortport.port_or_service(3478, "stun", "udp")
+
+local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+
+action = function(host, port)
+	local helper = stun.Helper:new(host, port)
+	local status = helper:connect()
+	if ( not(status) ) then
+		return fail("Failed to connect to server")
+	end
+	
+	local status, result = helper:getExternalAddress()
+	if ( not(status) ) then
+		return fail("Failed to retrieve external IP")
+	end
+
+	port.version.name = "stun"
+	nmap.set_port_state(host, port, "open")
+	nmap.set_port_version(host, port, "hardmatched")
+    
+	if ( result ) then
+		return "\n  External IP: " .. result
+	end
+end
--- a/scripts/stun-version.nse
+++ b/scripts/stun-version.nse
@@ -0,0 +1,39 @@
+description = [[
+Sends a binding request to the server and attempts to extract version
+information from the response, if the server attribute is present.
+]]
+
+---
+-- @output
+-- PORT     STATE SERVICE VERSION
+-- 3478/udp open  stun    Vovida.org 0.96
+--
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"version"}
+
+require 'shortport'
+require 'stun'
+
+portrule = shortport.port_or_service(3478, "stun", "udp")
+
+local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+
+action = function(host, port)
+	local helper = stun.Helper:new(host, port)
+	local status = helper:connect()
+	if ( not(status) ) then
+		return fail("Failed to connect to server")
+	end
+	
+	local status, result = helper:getVersion()
+	if ( not(status) ) then
+		return fail("Failed to retrieve external IP")
+	end
+
+	port.version.name = "stun"
+	port.version.product = result
+	nmap.set_port_state(host, port, "open")
+    nmap.set_port_version(host, port, "hardmatched")
+end