PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Give datafiles.lua the ability to parse nmap-mac-prefixes, and use it in

Browse Source 
nbstat.nse to look up the MAC vendor string.
This commit is contained in:
david
2010-02-26 00:27:30 +00:00
parent 1f7e90a0af
commit 84a388aeb9
3 changed files with 48 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@@ -2,6 +2,10 @@
[NOT YET RELEASED] [NOT YET RELEASED]
o [NSE] nbstat.nse can now look up the MAC prefix vendor string. Other
scripts can do the same thing using the datafiles.parse_mac_prefixes
function. [Thomas Buchanan]
o [NSE] Added the ssl-enum-ciphers script from Mak Kolybabi. This o [NSE] Added the ssl-enum-ciphers script from Mak Kolybabi. This
script lists the ciphers and compressors supported by an SSL/TLS script lists the ciphers and compressors supported by an SSL/TLS
server. server.

23
nselib/datafiles.lua
View File

@@ -1,5 +1,6 @@
--- Read and parse some of Nmap's data files: <code>nmap-protocols</code>, --- Read and parse some of Nmap's data files: <code>nmap-protocols</code>,
-- <code>nmap-rpc</code>, and <code>nmap-services</code>. -- <code>nmap-rpc</code>, <code>nmap-services</code>, and
-- <code>nmap-mac-prefixes</code>.
-- --
-- The functions in this module return values appropriate for use with exception -- The functions in this module return values appropriate for use with exception
-- handling via <code>nmap.new_try</code>. On success, they return true and -- handling via <code>nmap.new_try</code>. On success, they return true and
@@ -23,7 +24,8 @@ local common_files = {
["nmap-protocols"] = { [function(ln) return tonumber( ln:match( "^%s*[^%s#]+%s+(%d+)" ) ) end] = "^%s*([^%s#]+)%s+%d+" }, ["nmap-protocols"] = { [function(ln) return tonumber( ln:match( "^%s*[^%s#]+%s+(%d+)" ) ) end] = "^%s*([^%s#]+)%s+%d+" },
["nmap-services"] = { ["tcp"] = { [function(ln) return tonumber( ln:match( "^%s*[^%s#]+%s+(%d+)/tcp" ) ) end] = "^%s*([^%s#]+)%s+%d+/tcp" }, ["nmap-services"] = { ["tcp"] = { [function(ln) return tonumber( ln:match( "^%s*[^%s#]+%s+(%d+)/tcp" ) ) end] = "^%s*([^%s#]+)%s+%d+/tcp" },
["udp"] = { [function(ln) return tonumber( ln:match( "^%s*[^%s#]+%s+(%d+)/udp" ) ) end] = "^%s*([^%s#]+)%s+%d+/udp" } ["udp"] = { [function(ln) return tonumber( ln:match( "^%s*[^%s#]+%s+(%d+)/udp" ) ) end] = "^%s*([^%s#]+)%s+%d+/udp" }
} },
["nmap-mac-prefixes"] = { [ "^%s*(%w+)%s+[^#]+" ] = "^%s*%w+%s+([^#]+)" }
} }
@@ -90,6 +92,23 @@ parse_services = function(protocol)
end end
---
-- Read and parse <code>nmap-mac-prefixes</code>.
--
-- On success, return true and a table mapping 3 byte MAC prefixes to manufacturer names.
-- @return Status (true or false).
-- @return Table (if status is true) or error string (if status is false).
-- @see parse_file
parse_mac_prefixes = function()
local status, mac_prefixes_table = parse_file("nmap-mac-prefixes")
if not status then
return false, "Error parsing nmap-mac-prefixes"
end
return true, mac_prefixes_table
end
--- ---
-- Read and parse a generic data file. The other parse functions are -- Read and parse a generic data file. The other parse functions are
-- defined in terms of this one. -- defined in terms of this one.

29
scripts/nbstat.nse
View File

@@ -12,11 +12,11 @@ owns.
-- --
-- @output -- @output
-- Host script results: -- Host script results:
-- |_ nbstat: NetBIOS name: WINDOWS2003, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:c6:da:f5 -- |_ nbstat: NetBIOS name: WINDOWS2003, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:c6:da:f5 (VMware)
-- --
-- Host script results: -- Host script results:
-- | nbstat: -- | nbstat:
-- | | NetBIOS name: WINDOWS2003, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:c6:da:f5 -- | | NetBIOS name: WINDOWS2003, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:c6:da:f5 (VMware)
-- | | Names -- | | Names
-- | | | WINDOWS2003<00> Flags: <unique><active> -- | | | WINDOWS2003<00> Flags: <unique><active>
-- | | | WINDOWS2003<20> Flags: <unique><active> -- | | | WINDOWS2003<20> Flags: <unique><active>
@@ -34,6 +34,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"} categories = {"default", "discovery", "safe"}
require "netbios" require "netbios"
require "datafiles"
hostrule = function(host) hostrule = function(host)
@@ -67,8 +68,11 @@ action = function(host)
local status local status
local names, statistics local names, statistics
local server_name, user_name local server_name, user_name
local mac local mac, prefix, manuf
local response = {} local response = {}
local catch = function() return end
local try = nmap.new_try(catch)
-- Get the list of NetBIOS names -- Get the list of NetBIOS names
status, names, statistics = netbios.do_nbstat(host.ip) status, names, statistics = netbios.do_nbstat(host.ip)
@@ -91,11 +95,24 @@ action = function(host)
return stdnse.format_output(false, user_name) return stdnse.format_output(false, user_name)
end end
-- Build the MAC prefix lookup table
if not nmap.registry.nbstat then
-- Create the table in the registry so we can share between script instances
nmap.registry.nbstat = {}
nmap.registry.nbstat.mac_prefixes = try(datafiles.parse_mac_prefixes())
end
-- Format the Mac address in the standard way -- Format the Mac address in the standard way
if(#statistics >= 6) then if(#statistics >= 6) then
mac = string.format("%02x:%02x:%02x:%02x:%02x:%02x", statistics:byte(1), statistics:byte(2), statistics:byte(3), statistics:byte(4), statistics:byte(5), statistics:byte(6)) -- MAC prefixes are matched on the first three bytes, all uppercase
-- Samba doesn't set the Mac address prefix = string.upper(string.format("%02x%02x%02x", statistics:byte(1), statistics:byte(2), statistics:byte(3)))
if(mac == "00:00:00:00:00:00") then manuf = nmap.registry.nbstat.mac_prefixes[prefix]
if manuf == nil then
manuf = "unknown"
end
mac = string.format("%02x:%02x:%02x:%02x:%02x:%02x (%s)", statistics:byte(1), statistics:byte(2), statistics:byte(3), statistics:byte(4), statistics:byte(5), statistics:byte(6), manuf)
-- Samba doesn't set the Mac address, and nmap-mac-prefixes shows that as Xerox
if(mac == "00:00:00:00:00:00 (Xerox)") then
mac = "<unknown>" mac = "<unknown>"
end end
else else