diff --git a/CHANGELOG b/CHANGELOG
index 564c6b4a9..75f20e29c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,9 @@ o [NSE] Added the script redis-brute that performs brute force password
 o [NSE] Added the script http-proxy-brute that performs brute force password guessing against HTTP proxy servers. [Patrik]
+o [NSE] Added the script socks-auth-info that lists supported SOCKS 5
+ authentication mechanisms. [Patrik]
+
 o [NSE] Added the script socks-brute that performs brute force password guessing against SOCKS 5 servers. [Patrik]
diff --git a/scripts/script.db b/scripts/script.db
index 5d0194a13..273fe9d6b 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -268,6 +268,7 @@ Entry { filename = "snmp-win32-services.nse", categories = { "default", "discove
 Entry { filename = "snmp-win32-shares.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "snmp-win32-software.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "snmp-win32-users.nse", categories = { "auth", "default", "safe", } }
+Entry { filename = "socks-auth-info.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "socks-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "socks-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
 Entry { filename = "sql-injection.nse", categories = { "intrusive", "vuln", } }
diff --git a/scripts/socks-auth-info.nse b/scripts/socks-auth-info.nse
new file mode 100644
index 000000000..b01b0a3c2
--- /dev/null
+++ b/scripts/socks-auth-info.nse
@@ -0,0 +1,48 @@
+description = [[
+Determines the supported authentication mechanisms of the remote SOCKS server.
+Starting with SOCKS version 5 socks servers may support authentication.
+The script checks for the following authentication types:
+ 0 - No authentication
+ 1 - GSSAPI
+ 2 - Username and password
+]]
+
+---
+-- @usage
+-- nmap -p 1080 --script socks-auth-info
+--
+-- @output
+-- PORT STATE SERVICE
+-- 1080/tcp open socks
+-- | socks-auth-info:
+-- | No authentication
+-- |_ Username and password
+--
+
+require 'shortport'
+require 'socks'
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe", "default"}
+
+portrule = shortport.port_or_service({1080, 9050}, {"socks", "socks5", "tor-socks"})
+
+action = function(host, port)
+
+ local helper = socks.Helper:new(host, port)
+ local auth_methods = {}
+
+ -- iterate over all authentication methods as the server only responds with
+ -- a single supported one if we send a list.
+ for _, method in pairs(socks.AuthMethod) do
+ local status, response = helper:connect( method )
+ if ( status ) then
+ table.insert(auth_methods, helper:authNameByNumber(response.method))
+ end
+ end
+
+ helper:close()
+ if ( 0 == #auth_methods ) then return end
+ return stdnse.format_output(true, auth_methods)
+end
\ No newline at end of file
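Review bot: `action` calls `stdnse.format_output` on its last line, but the script only does `require 'shortport'` and `require 'socks'`, so it works only because `stdnse` happens to be loaded as a global by something else; add `require 'stdnse'` next to the other requires. The result list is built by iterating `pairs(socks.AuthMethod)`, whose traversal order is unspecified, so the reported mechanisms can come out in a different order from one run to the next; a `table.sort(auth_methods)` just before `return stdnse.format_output(true, auth_methods)` makes the output stable and diffable. A false `status` from `helper:connect( method )` covers both "server rejected this method" and "connect failed or timed out", so a transient network error silently drops a mechanism from the listing — at minimum log the failure in an `else` branch so an incomplete result is recognisable. If `Helper:connect` opens a fresh socket on every call (socks.lua is not in this diff, so I cannot confirm), the single `helper:close()` after the loop only releases the last one; confirm the helper closes or reuses its socket between probes.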