From 23d4abd5e9aaafd29e6035d515e7f0828d3d4550 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Wed, 24 Sep 2014 20:31:42 +0000
Subject: [PATCH] New docker-version script http://seclists.org/nmap-dev/2014/q3/265
---
 CHANGELOG | 2 ++
 scripts/docker-version.nse | 36 ++++++++++++++++++++++++++++++++++++
 scripts/script.db | 1 +
 3 files changed, 39 insertions(+)
 create mode 100644 scripts/docker-version.nse
diff --git a/CHANGELOG b/CHANGELOG
index 553353b35..9c4e2e5ee 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,7 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Added docker-version script for detecting Docker [Claudio Criscione] + o [NSE] Improved http-form-brute autodetection and behavior to handle more unusual-but-valid HTML syntax, non-POST forms, success/failure testing on HTTP headers, and more. [nnposter]
diff --git a/scripts/docker-version.nse b/scripts/docker-version.nse
new file mode 100644
index 000000000..511f17dd1
--- /dev/null
+++ b/scripts/docker-version.nse
@@ -0,0 +1,36 @@
+local shortport = require "shortport"
+local json = require "json"
+local http = require "http"
+local nmap = require "nmap"
+
+description = [[Detects the Docker service version.]]
+
+---
+-- @output
+-- PORT STATE SERVICE VERSION
+-- 2375/tcp open docker Docker 1.1.2
+
+author = "Claudio Criscione"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"version"}
+
+portrule = shortport.version_port_or_service({2375, 2376}, {"docker", "docker-s"}, "tcp")
+
+action = function(host, port)
+
+ local http_response = http.get(host, port, "/version")
+ if not http_response or not http_response.status or
+ http_response.status ~= 200 or not http_response.body then
+ return
+ end
+
+ local ok_json, response = json.parse(http_response.body)
+ if ok_json and response["Version"] and response["GitCommit"] then
+ ---Detected
+ port.version.name = response["Version"]
+ port.version.product = "Docker"
+ nmap.set_port_version(host, port)
+ return
+ end
+ return
+end
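Review bot: In `action`, `port.version.name = response["Version"]` stores the version string in the service-name field and never sets `port.version.version`, so the result would not match the documented `2375/tcp open docker Docker 1.1.2` output; it should read `port.version.name = "docker"` and `port.version.version = response["Version"]`. The parsed body also comes from whatever host is being scanned and is indexed without a type check, so a reply that parses to a non-table JSON value (a bare number, for instance) would likely raise an error in the script instead of being ignored. Guarding with `if ok_json and type(response) == "table" and type(response["Version"]) == "string" and response["GitCommit"] then` limits the field assignment to well-formed replies.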
diff --git a/scripts/script.db b/scripts/script.db
index bfa9c94b3..7086d621e 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -94,6 +94,7 @@ Entry { filename = "dns-srv-enum.nse", categories = { "discovery", "safe", } }
 Entry { filename = "dns-update.nse", categories = { "intrusive", "vuln", } }
 Entry { filename = "dns-zeustracker.nse", categories = { "discovery", "external", "malware", "safe", } }
 Entry { filename = "dns-zone-transfer.nse", categories = { "discovery", "intrusive", } }
+Entry { filename = "docker-version.nse", categories = { "version", } }
 Entry { filename = "domcon-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "domcon-cmd.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "domino-enum-users.nse", categories = { "auth", "intrusive", } }