Add teamspeak2-version script by Marin Maržić.

http://seclists.org/nmap-dev/2013/q2/413.
2026-01-09 07:59:03 +00:00 · 2013-07-01 09:07:13 +00:00
parent 04340b1f84
commit 4af2a3c24e
3 changed files with 63 additions and 0 deletions
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -419,6 +419,7 @@ Entry { filename = "targets-ipv6-multicast-mld.nse", categories = { "broadcast",
 Entry { filename = "targets-ipv6-multicast-slaac.nse", categories = { "broadcast", "discovery", } }
 Entry { filename = "targets-sniffer.nse", categories = { "broadcast", "discovery", "safe", } }
 Entry { filename = "targets-traceroute.nse", categories = { "discovery", "safe", } }
+Entry { filename = "teamspeak2-version.nse", categories = { "version", } }
 Entry { filename = "telnet-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "telnet-encryption.nse", categories = { "discovery", "safe", } }
 Entry { filename = "tftp-enum.nse", categories = { "discovery", "intrusive", } }
--- a/scripts/teamspeak2-version.nse
+++ b/scripts/teamspeak2-version.nse
@@ -0,0 +1,60 @@
+local comm = require "comm"
+local shortport = require "shortport"
+local nmap = require "nmap"
+local bin = require "bin"
+local stdnse = require "stdnse"
+
+description = [[
+Detects the TeamSpeak 2 server UDP voice communication service.
+
+A single UDP packet (a login request) is sent. If the server does not have a
+password set, the exact version, name, and OS type will also be reported on.
+]]
+
+-- @output
+-- PORT     STATE SERVICE    REASON     VERSION
+-- 8767/udp open  teamspeak2 script-set TeamSpeak 2.0.23.19 (name: COWCLANS; no password)
+-- Service Info: OS: Win32
+
+author = "Marin Maržić"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = { "version" }
+
+local payload = "\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x002x\xba\x85\tTeamSpeak\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\nWindows XP\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00 \x00<\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08nickname\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+
+portrule = shortport.version_port_or_service({8767}, "teamspeak2", "udp")
+
+action = function(host, port)
+    local status, result = comm.exchange(
+        host, port.number, payload, { proto = "udp", timeout = 3000 })
+    if not status then
+        return
+    end
+    nmap.set_port_state(host, port, "open")
+
+    local name, platform, version = string.match(result,
+        "^\xf4\xbe\x04\0\0\0\0\0.............([^\0]*)%G+([^\0]*)\0*(........)")
+    if not name then
+        return
+    end
+
+    port.version.name = "teamspeak2"
+    port.version.name_confidence = 10
+    port.version.product = "TeamSpeak"
+    if name == "" then
+        port.version.version = "2"
+    else
+        _, v_a, v_b, v_c, v_d = bin.unpack("<SSSS", version)
+        port.version.version = v_a .. "." .. v_b .. "." .. v_c .. "." .. v_d
+        port.version.extrainfo = "name: " .. name .. "; no password"
+        if platform == "Win32" then
+            port.version.ostype = "Windows"
+        elseif platform == "Linux" then
+            port.version.ostype = "Linux"
+        end
+    end
+
+    nmap.set_port_version(host, port, "hardmatched")
+
+    return
+end