
o [NSE] Added the script broadcast-pppoe-discover that discovers PPPoE servers

on the LAN using the PPPoE Discovery Protocol. [Patrik]
patrik
2012-01-10 18:22:39 +00:00
parent 0267b56a27
commit 956c9ffe53
4 changed files with 1132 additions and 0 deletions


@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Added the script broadcast-pppoe-discover that discovers PPPoE servers
on the LAN using the PPPoE Discovery Protocol. [Patrik]
o [NSE] Added the script membase-brute that performs password brute force o [NSE] Added the script membase-brute that performs password brute force
password guessing against the Membase TAP protocol. [Patrik] password guessing against the Membase TAP protocol. [Patrik]

1009
nselib/pppoe.lua Normal file

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,119 @@
description = [[
Discovers PPPoE servers using the PPPoE Discovery protocol (PPPoED)
The PPPoE is an ethernet based protocol so the script has to know what ethernet
interface to use for discovery. If no interface is specified, requests are sent
out on all available interfaces.
As the script send raw ethernet frames it requires Nmap to be run in privileged
mode to operate.
]]
---
-- @usage
-- nmap --script broadcast-pppoe-discover
--
-- @output
-- | broadcast-pppoe-discover:
-- | Server: 08:00:27:AB:CD:EF
-- | Version: 1
-- | Type: 1
-- | TAGs
-- | AC-Name: ISP
-- | Service-Name: test
-- | AC-Cookie: e98010ed8c59a870f0dc94d56ac1095dd321000001
-- |_ Host-Uniq: 7f8552a0
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"broadcast", "safe"}
require 'pppoe'
prerule = function() return true end
local function fail(err)
return ("\n ERROR: %s"):format(err)
end
local function mac_tostr(mac)
local srv_mac = {}
for i=1, #mac do table.insert(srv_mac, select(2,bin.unpack("H", mac, i))) end
return stdnse.strjoin(":", srv_mac)
end
local function discoverPPPoE(helper)
local status, err = helper:connect()
if ( not(status) ) then
return false, err
end
local status, pado = helper:discoverInit()
if ( not(status) ) then
return false, pado
end
status, err = helper:discoverRequest()
if ( not(status) ) then
return false, err
end
return true, pado
end
-- Gets a list of available interfaces based on link and up filters
--
-- @param link string containing the link type to filter
-- @param up string containing the interface status to filter
-- @return result table containing the matching interfaces
local function getInterfaces(link, up)
if( not(nmap.list_interfaces) ) then return end
local interfaces, err = nmap.list_interfaces()
local result
if ( not(err) ) then
for _, iface in ipairs(interfaces) do
if ( iface.link == link and iface.up == up ) then
result = result or {}
result[iface.device] = true
end
end
end
return result
end
action = function()
local interfaces
-- first check if the user supplied an interface
if ( nmap.get_interface() ) then
interfaces = { [nmap.get_interface()] = true }
else
interfaces = getInterfaces("ethernet", "up")
end
for iface in pairs(interfaces) do
local helper, err = pppoe.Helper:new(iface)
if ( not(helper) ) then
return fail(err)
end
local status, pado = discoverPPPoE(helper)
if ( not(status) ) then
return fail(pado)
end
helper:close()
local output = { name = ("Server: %s"):format(mac_tostr(pado.mac_srv)) }
table.insert(output, ("Version: %d"):format(pado.header.version))
table.insert(output, ("Type: %d"):format(pado.header.type))
local tags = { name = "TAGs" }
for _, tag in ipairs(pado.tags) do
local name, val = pppoe.PPPoE.TagName[tag.tag], tag.decoded
table.insert(tags, ("%s: %s"):format(name, val))
end
table.insert(output, tags)
return stdnse.format_output(true, output)
end
end


@@ -27,6 +27,7 @@ Entry { filename = "broadcast-novell-locate.nse", categories = { "broadcast", "s
Entry { filename = "broadcast-pc-anywhere.nse", categories = { "broadcast", "safe", } } Entry { filename = "broadcast-pc-anywhere.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-pc-duo.nse", categories = { "broadcast", "safe", } } Entry { filename = "broadcast-pc-duo.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-ping.nse", categories = { "broadcast", "discovery", "safe", } } Entry { filename = "broadcast-ping.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "broadcast-pppoe-discover.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-rip-discover.nse", categories = { "broadcast", "safe", } } Entry { filename = "broadcast-rip-discover.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-sybase-asa-discover.nse", categories = { "broadcast", "safe", } } Entry { filename = "broadcast-sybase-asa-discover.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-upnp-info.nse", categories = { "broadcast", "safe", } } Entry { filename = "broadcast-upnp-info.nse", categories = { "broadcast", "safe", } }