PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-18 21:49:01 +00:00
Code Issues Projects Releases Wiki Activity

o [NSE] Added the script socks-auth-info that lists supported SOCKS 5

Browse Source 
authentication mechanisms. [Patrik]
This commit is contained in:
patrik
2012-01-02 11:34:27 +00:00
parent b4fcd5e5fa
commit 54983f8127
3 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -13,6 +13,9 @@ o [NSE] Added the script redis-brute that performs brute force password
o [NSE] Added the script http-proxy-brute that performs brute force password o [NSE] Added the script http-proxy-brute that performs brute force password
guessing against HTTP proxy servers. [Patrik] guessing against HTTP proxy servers. [Patrik]
o [NSE] Added the script socks-auth-info that lists supported SOCKS 5
authentication mechanisms. [Patrik]
o [NSE] Added the script socks-brute that performs brute force password o [NSE] Added the script socks-brute that performs brute force password
guessing against SOCKS 5 servers. [Patrik] guessing against SOCKS 5 servers. [Patrik]

1
scripts/script.db
View File

@@ -268,6 +268,7 @@ Entry { filename = "snmp-win32-services.nse", categories = { "default", "discove
Entry { filename = "snmp-win32-shares.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "snmp-win32-shares.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-win32-software.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "snmp-win32-software.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-win32-users.nse", categories = { "auth", "default", "safe", } } Entry { filename = "snmp-win32-users.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "socks-auth-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "socks-brute.nse", categories = { "brute", "intrusive", } } Entry { filename = "socks-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "socks-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } } Entry { filename = "socks-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
Entry { filename = "sql-injection.nse", categories = { "intrusive", "vuln", } } Entry { filename = "sql-injection.nse", categories = { "intrusive", "vuln", } }

48
scripts/socks-auth-info.nse Normal file
View File

@@ -0,0 +1,48 @@
description = [[
Determines the supported authentication mechanisms of the remote SOCKS server.
Starting with SOCKS version 5 socks servers may support authentication.
The script checks for the following authentication types:
0 - No authentication
1 - GSSAPI
2 - Username and password
]]
---
-- @usage
-- nmap -p 1080 <ip> --script socks-auth-info
--
-- @output
-- PORT STATE SERVICE
-- 1080/tcp open socks
-- | socks-auth-info:
-- | No authentication
-- |_ Username and password
--
require 'shortport'
require 'socks'
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "safe", "default"}
portrule = shortport.port_or_service({1080, 9050}, {"socks", "socks5", "tor-socks"})
action = function(host, port)
local helper = socks.Helper:new(host, port)
local auth_methods = {}
-- iterate over all authentication methods as the server only responds with
-- a single supported one if we send a list.
for _, method in pairs(socks.AuthMethod) do
local status, response = helper:connect( method )
if ( status ) then
table.insert(auth_methods, helper:authNameByNumber(response.method))
end
end
helper:close()
if ( 0 == #auth_methods ) then return end
return stdnse.format_output(true, auth_methods)
end