o [NSE] Split script db2-discover into two scripts, adding a new

broadcast-db2-discover script. This script attempts to discover DB2 database servers through broadcast requests. [Patrik Karlsson]
2025-12-25 08:59:01 +00:00 · 2011-07-10 08:01:26 +00:00
parent 248b53abfa
commit 1feb1bd582
4 changed files with 97 additions and 52 deletions
--- a/scripts/broadcast-db2-discover.nse
+++ b/scripts/broadcast-db2-discover.nse
@@ -0,0 +1,83 @@
+description = [[
+Attempts to discover DB2 servers on the network by sending a broadcast request to port 523/udp.
+]]
+
+---
+-- @usage
+-- nmap --script db2-discover
+--
+-- @output
+-- Pre-scan script results:
+-- | broadcast-db2-discover: 
+-- |   10.0.200.132 (UBU804-DB2E) - IBM DB2 v9.07.0
+-- |_  10.0.200.119 (EDUSRV011) - IBM DB2 v9.07.0
+
+-- Version 0.1
+-- Created 07/10/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"broadcast", "safe"}
+
+require "stdnse"
+require "shortport"
+require "target"
+
+prerule = function() return true end
+
+--- Converts the prodrel server string to a version string
+--
+-- @param server_version string containing the product release
+-- @return ver string containing the version information
+local function parseVersion( server_version )
+	local pfx = string.sub(server_version,1,3)
+
+	if pfx == "SQL" then
+		local major_version = string.sub(server_version,4,5)
+
+		-- strip the leading 0 from the major version, for consistency with 
+		-- nmap-service-probes results
+		if string.sub(major_version,1,1) == "0" then
+			major_version = string.sub(major_version,2)
+		end
+		local minor_version = string.sub(server_version,6,7)
+		local hotfix = string.sub(server_version,8)
+		server_version = major_version .. "." .. minor_version .. "." .. hotfix
+	else
+		return "Unknown version"
+	end
+	
+	return ("IBM DB2 v%s"):format(server_version)
+end
+
+action = function()
+
+	local DB2GETADDR = "DB2GETADDR\0SQL09010\0"
+	local socket = nmap.new_socket("udp")
+	local result = {}
+	local host, port = "255.255.255.255", 523
+
+	socket:set_timeout(5000)
+	local status = socket:sendto( host, port, DB2GETADDR )
+	if ( not(status) ) then return end
+
+	while(true) do
+		local data
+		status, data = socket:receive()
+		if( not(status) ) then break end
+		
+		local version, srvname = data:match("DB2RETADDR.(SQL%d+).(.-)%z")
+		local _, ip
+		status, _, _, ip, _ = socket:get_info()
+		if ( not(status) ) then return end
+		
+		if target.ALLOW_NEW_TARGETS then target.add(ip)	end
+
+		if ( status ) then
+			table.insert( result, ("%s - Host: %s; Version: %s"):format(ip, srvname, parseVersion( version ) )  )
+		end
+	end
+	socket:close()	
+
+	return stdnse.format_output( true, result )
+end