From 6fbd739fac91d46beebcc89ef8fa1dca97398940 Mon Sep 17 00:00:00 2001
From: david
Date: Thu, 13 Jan 2011 07:17:55 +0000
Subject: [PATCH] o [NSE] Added p2p-dropbox-listener.nse, which listens for Dropbox LanSync broadcasts and can optionally add discovered hosts to the scan queue. [Ron Bowes, Mak Kolybabi, Andrew Orr, Russ Tait Milne]
---
 CHANGELOG | 4 ++
 scripts/p2p-dropbox-listener.nse | 109 +++++++++++++++++++++++++++++++
 scripts/script.db | 1 +
 3 files changed, 114 insertions(+)
 create mode 100644 scripts/p2p-dropbox-listener.nse
diff --git a/CHANGELOG b/CHANGELOG
index e8c605be1..c32015db6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE] Added p2p-dropbox-listener.nse, which listens for Dropbox
+ LanSync broadcasts and can optionally add discovered hosts to the
+ scan queue. [Ron Bowes, Mak Kolybabi, Andrew Orr, Russ Tait Milne]
+
 o [NSE] Created a new "broadcast" script category. This is the new
 home for the broadcast-* scripts, which do discovery by broadcasting
 on the local network (but may not relate to the targets listed on
diff --git a/scripts/p2p-dropbox-listener.nse b/scripts/p2p-dropbox-listener.nse
new file mode 100644
index 000000000..99194112b
--- /dev/null
+++ b/scripts/p2p-dropbox-listener.nse
@@ -0,0 +1,109 @@
+description = [[
+Listens for Dropbox LanSync information broadcasts.
+
+The Dropbox LanSync protocol broadcasts an opaque set of host and share
+identifiers. It does this every twenty seconds.
+]]
+
+author = "Ron Bowes, Mak Kolybabi, Andrew Orr, Russ Tait Milne"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+require("json")
+require("shortport")
+require("stdnse")
+require("tab")
+require("target")
+
+local DROPBOX_BROADCAST_PERIOD = 20
+local DROPBOX_PORT = 17500
+
+prerule = function()
+ return true
+end
+
+action = function()
+ -- Start listening for broadcasts.
+ local sock = nmap.new_socket("udp")
+ sock:set_timeout(2 * DROPBOX_BROADCAST_PERIOD * 1000)
+ local status, result = sock:bind(nil, DROPBOX_PORT)
+ if not status then
+ stdnse.print_debug(1, "Could not bind on port %d: %s", DROPBOX_PORT, result)
+ sock:close()
+ return
+ end
+
+ -- Keep track of the IDs we've already seen.
+ local ids = {}
+
+ -- Initialize the output table.
+ results = tab.new(6)
+ tab.addrow(
+ results,
+ 'displayname',
+ 'ip',
+ 'port',
+ 'version',
+ 'host_int',
+ 'namespaces'
+ )
+
+ local status, result = sock:receive()
+ while status do
+ -- Parse JSON.
+ local status, info = json.parse(result)
+ if status then
+ -- Get IP address of broadcasting host.
+ local status, _, _, ip, _ = sock:get_info()
+ if not status then
+ stdnse.print_debug(1, "Failed to get socket info.")
+ break
+ end
+ stdnse.print_debug(1, "Received broadcast from host %s (%s).", info.displayname, ip)
+
+ -- Check if we've already seen this ID.
+ if ids[info.host_int] then
+ break
+ end
+ ids[info.host_int] = true
+
+ -- Add host scan list.
+ if target.ALLOW_NEW_TARGETS then
+ target.add(ip)
+ end
+
+ -- Add host to list.
+ for _, key1 in pairs({"namespaces", "version"}) do
+ for key2, val in pairs(info[key1]) do
+ info[key1][key2] = tostring(info[key1][key2])
+ end
+ end
+ tab.addrow(
+ results,
+ info.displayname,
+ ip,
+ info.port,
+ stdnse.strjoin(".", info.version),
+ info.host_int,
+ stdnse.strjoin(", ", info.namespaces)
+ )
+
+ stdnse.print_debug(1, "Added host %s.", info.displayname)
+ end
+
+ status, result = sock:receive()
+ end
+
+ sock:close()
+
+ -- If no broadcasts received, don't output anything.
+ if table.maxn(ids) == 0 then
+ return
+ end
+
+ -- Format table, without trailing newline.
+ results = tab.dump(results)
+ results = results:sub(1, #results - 1)
+
+ return "\n" .. results
+end
diff --git a/scripts/script.db b/scripts/script.db
index bc7e427c9..635e11599 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -113,6 +113,7 @@ Entry { filename = "oracle-brute.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "oracle-enum-users.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "oracle-sid-brute.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "p2p-conficker.nse", categories = { "default", "safe", } }
+Entry { filename = "p2p-dropbox-listener.nse", categories = { "discovery", "safe", } }
 Entry { filename = "path-mtu.nse", categories = { "discovery", "safe", } }
 Entry { filename = "pgsql-brute.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "pjl-ready-message.nse", categories = { "intrusive", } }
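Review bot: Inside the `while status do` body of `action`, every field of the decoded broadcast is trusted as present and well-typed although the datagram can come from any host on the segment: a packet without `host_int` raises "table index is nil" at `ids[info.host_int] = true`, and a missing or non-table `namespaces` or `version` makes `pairs(info[key1])` raise, so a single malformed or differently-shaped broadcast aborts the whole listener instead of being dropped. Gate the body on the shape, e.g. `if status and type(info) == "table" and info.host_int ~= nil and type(info.namespaces) == "table" and type(info.version) == "table" then`, and skip the packet otherwise. Separately, `local status, info = json.parse(result)` shadows the `status` declared just before the `while`, so the `status, result = sock:receive()` at the end of the body writes the inner local and the loop condition never changes; the loop can then only leave via `break`, and a receive timeout presumably fails `json.parse` and is silently retried rather than ending the listen — renaming the inner pair, e.g. `local parsed, info = json.parse(result)`, fixes it. Finally, `table.maxn(ids)` only counts positive numeric keys, so a string `host_int` yields no output even after hosts were recorded; `if next(ids) == nil then` tests emptiness for any key type, and `results = tab.new(6)` should be declared `local` rather than leaking a global.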