o [NSE] Added a stun library and the scripts stun-version and stun-info, which

extract version information and the external NAT:ed address. [Patrik Karlsson]
2026-01-06 06:29:03 +00:00 · 2012-03-16 11:36:51 +00:00
parent c04148c346
commit 17247c681a
5 changed files with 460 additions and 0 deletions
--- a/scripts/stun-info.nse
+++ b/scripts/stun-info.nse
@@ -0,0 +1,47 @@
+description = [[
+Retrieves the external IP address of a NAT:ed host using the STUN Classic
+protocol.
+]]
+
+---
+-- @usage
+-- nmap -sV -PN -sU -p 3478 --script stun-info <ip>
+--
+-- @output
+-- PORT     STATE         SERVICE
+-- 3478/udp open|filtered stun
+-- | stun-info: 
+-- |_  External IP: 80.216.42.106
+--
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+require 'shortport'
+require 'stun'
+
+portrule = shortport.port_or_service(3478, "stun", "udp")
+
+local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+
+action = function(host, port)
+	local helper = stun.Helper:new(host, port)
+	local status = helper:connect()
+	if ( not(status) ) then
+		return fail("Failed to connect to server")
+	end
+	
+	local status, result = helper:getExternalAddress()
+	if ( not(status) ) then
+		return fail("Failed to retrieve external IP")
+	end
+
+	port.version.name = "stun"
+	nmap.set_port_state(host, port, "open")
+	nmap.set_port_version(host, port, "hardmatched")
+    
+	if ( result ) then
+		return "\n  External IP: " .. result
+	end
+end