PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-08 21:51:28 +00:00
Code Issues Projects Releases Wiki Activity

o [NSE] Added script broadcast-listener that attempts to discover hosts by

Browse Source 
passively listening to the network. It does so by decoding ethernet and IP
  broadcast and multicast messages. [Patrik]
This commit is contained in:
patrik
2011-08-10 16:46:55 +00:00
parent 48ed788ab7
commit a1d515e548
4 changed files with 791 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@@ -1,5 +1,9 @@
# Nmap Changelog ($Id$); -*-text-*-
o [NSE] Added script broadcast-listener that attempts to discover hosts by
passively listening to the network. It does so by decoding ethernet and IP
broadcast and multicast messages. [Patrik]
o Fixed a bug that would make Nmap segfault if it failed to open an interface
using pcap. The bug details and patch are posted here:
http://seclists.org/nmap-dev/2011/q3/365 [Patrik]

507
nselib/data/packetdecoders.lua Normal file
View File

@@ -0,0 +1,507 @@
--- The following file contains a list of decoders used by the
-- broadcast-listener script. A decoder can be either "ethernet" based or IP
-- based. As we're only monitoring broadcast traffic (ie. traffic not
-- explicitly addressed to us) we're mainly dealing with:
-- o UDP broadcast or multicast traffic
-- o ethernet broadcast traffic
--
-- Hence, the Decoder table defines two sub tables ether and udp.
-- In order to match an incoming UDP packet the destination port number is
-- used, therefore each function is indexed based on their destination port
-- for the udp based decoders. For the ether table each decoder function is
-- indexed according to a pattern that the decoding engine attempts to match.
--
-- Each decoder defines three functions:
-- o <code>new</code> - creates a new instance of the decoder
-- o <code>process</code> - process a packet passed through the
-- <code>data</code> argument.
-- o <code>getResults</code> - retrieve any discovered results
--
-- The discovery engine creates an instance of each decoder once it's needed.
-- Then discovery engine stores this instance in a decoder table for reference
-- once the next packet of the same type comes in. This allows the engine to
-- discard duplicate packets and to request the collected results at the end
-- of the session.
--
-- Currently, the packet decoder decodes the following protocols:
-- o Ether
-- x ARP requests (IPv4)
-- x CDP - Cisco Discovery Protocol
--
-- o UDP
-- x DHCP
-- x Netbios
-- x SSDP
-- x HSRP
-- x DropBox
-- x Logitech SqueezeBox Discovery
-- x Multicast DNS/Bonjour/ZeroConf
-- x Spotify
--
--
-- @author "Patrik Karlsson <patrik@cqure.net>"
-- @copyright Same as Nmap--See http://nmap.org/book/man-legal.html
-- Version 0.1
-- Created 07/25/2011 - v0.1 - created by Patrik Karlsson
require 'target'
Decoders = {
ether = {
-- ARP IPv4
['^00..08000604'] = {
new = function(self)
local o = { dups = {} }
setmetatable(o, self)
self.__index = self
return o
end,
process = function(self, data)
local ipOps = require("ipOps")
local pos, hw, proto, hwsize, protosize, opcode = bin.unpack(">SSCCS", data)
-- this shouldn't ever happen, given our filter
if ( hwsize ~= 6 ) then return end
local sender, target = {}, {}
-- if this isn't an ARP request, abort
if ( opcode ~= 1 ) then return end
pos, sender.mac,
sender.ip,
target.mac,
target.ip = bin.unpack("<H" .. hwsize .. "IH" .. hwsize .. "I", data, pos)
if ( not(self.results) ) then
self.results = tab.new(3)
tab.addrow(self.results, 'sender ip', 'sender mac', 'target ip')
end
if ( not(self.dups[("%d:%s"):format(sender.ip,sender.mac)]) ) then
if ( target.ALLOW_NEW_TARGETS ) then target.add(sender.ip) end
local mac = sender.mac:gsub("(..)(..)(..)(..)(..)(..)","%1:%2:%3:%4:%5:%6")
self.dups[("%d:%s"):format(sender.ip,sender.mac)] = true
tab.addrow(self.results, ipOps.fromdword(sender.ip), mac, ipOps.fromdword(target.ip))
end
end,
getResults = function(self) return { name = "ARP Request", (self.results and tab.dump(self.results) or "") } end,
},
-- CDP
['^AAAA..00000C2000'] = {
new = function(self)
local o = { dups = {} }
setmetatable(o, self)
self.__index = self
return o
end,
process = function(self, data)
local pos, ver, ttl, chk = bin.unpack(">CCS", data, 9)
if ( ver ~= 2 ) then return end
if ( not(self.results) ) then
self.results = tab.new(4)
tab.addrow( self.results, 'ip', 'id', 'platform', 'version' )
end
local result_part = {}
while ( pos < #data ) do
local typ, len, typdata
pos, typ, len = bin.unpack(">SS", data, pos)
pos, typdata = bin.unpack("A" .. len - 4, data, pos)
-- Device ID
if ( typ == 1 ) then
result_part.id = typdata
-- Version
elseif ( typ == 5 ) then
result_part.version = typdata:match(", Version (.-),")
-- Platform
elseif ( typ == 6 ) then
result_part.platform = typdata
-- Address
elseif ( typ == 2 ) then
-- TODO: add more decoding here ...
local pos, count = bin.unpack(">I", typdata)
-- for i=1, count do
--
-- end
result_part.ip = '?'
end
end
-- TODO: add code for dups check
if ( not(self.dups[result_part.ip]) ) then
self.dups[result_part.ip] = true
tab.addrow( self.results, result_part.ip, result_part.id, result_part.platform, result_part.version )
end
end,
getResults = function(self) return { name = "CDP", (self.results and tab.dump(self.results) or "") } end,
}
},
udp = {
-- DHCP
[68] = {
new = function(self)
local o = { dups = {} }
setmetatable(o, self)
self.__index = self
return o
end,
getOption = function(options, name)
for _, v in ipairs(options) do
if ( v.name == name ) then
if ( type(v.value) == "table" ) then
return stdnse.strjoin(", ", v.value)
else
return v.value
end
end
end
end,
process = function(self, layer3)
local dhcp = require("dhcp")
local p = packet.Packet:new( layer3, #layer3 )
local data = layer3:sub(p.udp_offset + 9)
-- the dhcp.parse function isn't optimal for doing
-- this, but it will do for now. First, we need to
-- extract the xid as the parse function checks that it
-- was the same as in the request, which we didn't do.
local pos, msgtype, _, _, _, xid = bin.unpack("<CCCCA4", data)
-- attempt to parse the data
local status, result = dhcp.dhcp_parse(data, xid)
if ( status ) then
if ( not(self.results) ) then
self.results = tab.new(5)
tab.addrow(self.results, "srv ip", "cli ip", "mask", "gw", "dns" )
end
local uniq_key = ("%s:%s"):format(p.ip_src, result.yiaddr_str)
if ( not(self.dups[uniq_key]) ) then
if ( target.ALLOW_NEW_TARGETS ) then target.add(p.ip_src) end
local mask = self.getOption(result.options, "Subnet Mask") or "-"
local gw = self.getOption(result.options, "Router") or "-"
local dns = self.getOption(result.options, "Domain Name Server") or "-"
tab.addrow(self.results, p.ip_src, result.yiaddr_str, mask, gw, dns )
end
end
end,
getResults = function(self) return { name = "DHCP", (self.results and tab.dump(self.results) or "") } end,
},
-- Netbios
[137] = {
new = function(self)
local o = { dups = {} }
setmetatable(o, self)
self.__index = self
return o
end,
process = function(self, layer3)
local dns = require('dns')
local bin = require('bin')
local netbios = require('netbios')
local p = packet.Packet:new( layer3, #layer3 )
local data = layer3:sub(p.udp_offset + 9)
local dresp = dns.decode(data)
if ( not(dresp.questions) or #dresp.questions < 1 ) then return end
local name = netbios.name_decode("\32" .. dresp.questions[1].dname)
if ( not(self.results) ) then
self.results = tab.new(2)
tab.addrow( self.results, 'ip', 'query' )
end
-- check for duplicates
if ( not(self.dups[("%s:%s"):format(p.ip_src, name)]) ) then
if ( target.ALLOW_NEW_TARGETS ) then target.add(p.ip_src) end
tab.addrow( self.results, p.ip_src, name )
self.dups[("%s:%s"):format(p.ip_src, name)] = true
end
end,
getResults = function(self) return { name = "Netbios", (self.results and tab.dump(self.results) or "") } end,
},
--- SSDP
[1900] = {
new = function(self)
local o = { dups = {} }
setmetatable(o, self)
self.__index = self
return o
end,
process = function(self, layer3)
local p = packet.Packet:new( layer3, #layer3 )
local data = layer3:sub(p.udp_offset + 9)
local headers = stdnse.strsplit("\r\n", data)
for _, h in ipairs(headers) do
local st = ""
if ( h:match("^ST:.*") ) then
st = h:match("^ST:(.*)")
if ( not(self.results) ) then
self.results = tab.new(1)
tab.addrow( self.results, 'ip', 'uri' )
end
if ( not(self.dups[("%s:%s"):format(p.ip_src,st)]) ) then
if ( target.ALLOW_NEW_TARGETS ) then target.add(p.ip_src) end
tab.addrow( self.results, p.ip_src, st )
self.dups[("%s:%s"):format(p.ip_src,st)] = true
end
end
end
end,
getResults = function(self) return { name = "SSDP", (self.results and tab.dump(self.results) or "") } end,
},
--- HSRP
[1985] = {
new = function(self)
local o = { dups = {} }
setmetatable(o, self)
self.__index = self
return o
end,
process = function(self, layer3)
local p = packet.Packet:new( layer3, #layer3 )
local data = layer3:sub(p.udp_offset + 9)
local ipOps = require("ipOps")
local State = {
[0] = "Initial",
[1] = "Learn",
[2] = "Listen",
[4] = "Speak",
[8] = "Standby",
[16] = "Active"
}
local Op = {
[0] = "Hello",
[1] = "Coup",
[2] = "Resign",
}
local pos, version, op, state, _, _, prio, group, _, secret = bin.unpack("CCCCCCCCz", data)
if ( version ~= 0 ) then return end
pos = pos + ( 7 - #secret )
local virtip
pos, virtip = bin.unpack("<I", data, pos)
if ( not(self.dups[p.ip_src]) ) then
if ( not(self.results) ) then
self.results = tab.new(7)
tab.addrow(self.results, 'ip', 'version', 'op', 'state', 'prio', 'group', 'secret', 'virtual ip')
end
if ( target.ALLOW_NEW_TARGETS ) then target.add(p.ip_src) end
self.dups[p.ip_src] = true
tab.addrow(self.results, p.ip_src, version, Op[op], State[state], prio, group, secret, ipOps.fromdword(virtip))
end
end,
getResults = function(self) return { name = "HSRP", (self.results and tab.dump(self.results) or "") } end,
},
-- Dropbox
[17500] = {
new = function(self)
local o = { dups = {} }
setmetatable(o, self)
self.__index = self
return o
end,
process = function(self, layer3)
local json = require("json")
local p = packet.Packet:new( layer3, #layer3 )
local data = layer3:sub(p.udp_offset + 9)
local status, info = json.parse(data)
if ( not(status) ) then
return false, "Failed to parse JSON data"
end
-- Add host to list.
for _, key1 in pairs({"namespaces", "version"}) do
for key2, val in pairs(info[key1]) do
info[key1][key2] = tostring(info[key1][key2])
end
end
if ( not(self.results) ) then
self.results = tab.new(6)
tab.addrow(
self.results,
'displayname',
'ip',
'port',
'version',
'host_int',
'namespaces'
)
end
if ( not(self.dups[p.ip_src]) ) then
tab.addrow(
self.results,
info.displayname,
p.ip_src,
info.port,
stdnse.strjoin(".", info.version),
info.host_int,
stdnse.strjoin(", ", info.namespaces)
)
self.dups[p.ip_src] = true
if ( target.ALLOW_NEW_TARGETS ) then target.add(p.ip_src) end
end
end,
getResults = function(self) return { name = "DropBox", (self.results and tab.dump(self.results) or "") } end,
},
--- Squeezebox Discovery
[3483] = {
new = function(self)
local o = { dups = {} }
setmetatable(o, self)
self.__index = self
return o
end,
process = function(self, layer3)
local p = packet.Packet:new( layer3, #layer3 )
local data = layer3:sub(p.udp_offset + 9)
if ( data:match("^eIPAD") ) then
if ( not(self.results) ) then
self.results = tab.new(1)
tab.addrow( self.results, 'ip' )
end
if ( not(self.dups[p.ip_src]) ) then
tab.addrow( self.results, p.ip_src )
self.dups[p.ip_src] = true
if ( target.ALLOW_NEW_TARGETS ) then target.add(p.ip_src) end
end
end
end,
getResults = function(self) return { name = "Squeezebox Discovery", (self.results and tab.dump(self.results) or "") } end,
},
-- Multicast DNS/BonJour/ZeroConf
[5353] = {
new = function(self)
local o = { dups = {} }
setmetatable(o, self)
self.__index = self
return o
end,
process = function(self, layer3)
local dns = require('dns')
local bin = require('bin')
local p = packet.Packet:new( layer3, #layer3 )
local data = layer3:sub(p.udp_offset + 9)
local dresp = dns.decode(data)
local name
if ( dresp.questions and #dresp.questions > 0 ) then
name = dresp.questions[1].dname
elseif ( dresp.answers and #dresp.answers > 0 ) then
name = dresp.answers[1].dname
end
if ( not(name) ) then return end
if ( not(self.results) ) then
self.results = tab.new(2)
tab.addrow( self.results, 'ip', 'query' )
end
-- check for duplicates
if ( not(self.dups[("%s:%s"):format(p.ip_src, name)]) ) then
tab.addrow( self.results, p.ip_src, name )
self.dups[("%s:%s"):format(p.ip_src, name)] = true
if ( target.ALLOW_NEW_TARGETS ) then target.add(p.ip_src) end
end
end,
getResults = function(self) return { name = "MDNS", (self.results and tab.dump(self.results) or "") } end,
},
--- Spotify
[57621] = {
new = function(self)
local o = { dups = {} }
setmetatable(o, self)
self.__index = self
return o
end,
process = function(self, layer3)
local p = packet.Packet:new( layer3, #layer3 )
local data = layer3:sub(p.udp_offset + 9)
if ( data:match("^SpotUdp") ) then
if ( not(self.results) ) then
self.results = tab.new(1)
tab.addrow( self.results, 'ip' )
end
if ( not(self.dups[p.ip_src]) ) then
tab.addrow( self.results, p.ip_src )
self.dups[p.ip_src] = true
if ( target.ALLOW_NEW_TARGETS ) then target.add(p.ip_src) end
end
end
end,
getResults = function(self) return { name = "Spotify", (self.results and tab.dump(self.results) or "") } end,
}
}
}

278
scripts/broadcast-listener.nse Normal file
View File

@@ -0,0 +1,278 @@
description = [[
The script sniffs the network for incoming broadcast communication and
attempts to decode the received packets. It supports protocols like CDP, HSRP,
Spotify, DropBox, DHCP, ARP and a few more. See packetdecoders.lua for more
information.
The script attempts to sniff all ethernet based interfaces with an IPv4 address
unless a specific interface was given using the -e argument to Nmap.
]]
---
-- @usage
-- nmap --script broadcast-listener
-- nmap --script broadcast-listener -e eth0
--
-- @output
-- | broadcast-listener:
-- | udp
-- | Netbios
-- | ip query
-- | 192.168.0.60 \x01\x02__MSBROWSE__\x02\x01
-- | DHCP
-- | srv ip cli ip mask gw dns
-- | 192.168.0.1 192.168.0.5 255.255.255.0 192.168.0.1 192.168.0.18, 192.168.0.19
-- | DropBox
-- | displayname ip port version host_int namespaces
-- | 39000860 192.168.0.107 17500 1.8 39000860 28814673, 29981099
-- | HSRP
-- | ip version op state prio group secret virtual ip
-- | 192.168.0.254 0 Hello Active 110 1 cisco 192.168.0.253
-- | ether
-- | CDP
-- | ip id platform version
-- | ? Router cisco 7206VXR 12.3(23)
-- | ARP Request
-- | sender ip sender mac target ip
-- | 192.168.0.101 00:04:30:26:DA:C8 192.168.0.60
-- |_ 192.168.0.1 90:24:1D:C8:B9:AE 192.168.0.60
--
-- @args broadcast-listener.timeout specifies the amount of seconds to sniff
-- the network interface. (default 30s)
--
-- The script attempts to discover all available ipv4 network interfaces,
-- unless the Nmap -e argument has been supplied, and then starts sniffing
-- packets on all of the discovered interfaces. It sets a BPF filter to exclude
-- all packets that have the interface address as source or destination in
-- order to capture broadcast traffic.
--
-- Incoming packets can either be either layer 3 (usually UDP) or layer 2.
-- Depending on the layer the packet is matched against a packet decoder loaded
-- from the external nselib/data/packetdecoder.lua file. A more detailed
-- description on how the decoders work can be found in that file.
-- In short, there are two different types of decoders: udp and ether.
-- The udp decoders get triggered by the destination port number, while the
-- ether decoders are triggered by a pattern match. The port or pattern is used
-- as an index in a table containing functions to process packets and fetch
-- the decoded results.
--
--
-- Version 0.1
-- Created 07/02/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
-- Revised 07/25/2011 - v0.2 -
-- * added more documentation
-- * added getInterfaces code to detect available
-- interfaces.
-- * corrected bug that would fail to load
-- decoders if not in a relative directory.
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe"}
prerule = function() return true end
require('packet')
require('tab')
---
-- loads the decoders from file
--
-- @param fname string containing the name of the file
-- @return status true on success false on failure
-- @return decoders table of decoder functions on success
-- @return err string containing the error message on failure
loadDecoders = function(fname)
-- resolve the full, absolute, path
local abs_fname = nmap.fetchfile(fname)
if ( not(abs_fname) ) then
return false, ("ERROR: Failed to load decoder definition (%s)"):format(fname)
end
local file = loadfile(abs_fname)
if(not(file)) then
stdnse.print_debug("%s: Couldn't load decoder file: %s", SCRIPT_NAME, fname)
return false, "ERROR: Couldn't load decoder file: " .. fname
end
setfenv(file, setmetatable({Decoders = {}; }, {__index = _G}))
file()
local d = getfenv(file)["Decoders"]
if ( d ) then return true, d end
return false, "ERROR: Failed to load decoders"
end
---
-- Starts sniffing the selected interface for packets with a destination that
-- is not explicitly ours (broadcast, multicast etc.)
--
-- @param iface table containing <code>name</code> and <code>address</code>
-- @param Decoders the decoders class loaded externally
-- @param decodertab the "result" table to which all discovered items are
-- reported
sniffInterface = function(iface, Decoders, decodertab)
local condvar = nmap.condvar(decodertab)
local sock = nmap.new_socket()
local timeout = tonumber(stdnse.get_script_args("broadcast-listener.timeout"))
-- default to 30 seconds, if nothing else was set
timeout = timeout and (timeout * 1000) or (30 * 1000)
-- We wan't all packets that aren't explicitly for us
sock:pcap_open(iface.name, 1500, false, ("!host %s"):format(iface.address))
-- Set a short timeout so that we can timeout in time if needed
sock:set_timeout(100)
local start_time = nmap.clock_ms()
while( nmap.clock_ms() - start_time < timeout ) do
local status, _, _, data = sock:pcap_receive()
if ( status ) then
local p = packet.Packet:new( data, #data )
-- if we have an UDP-based broadcast, we should have a proper packet
if ( p and p.udp_dport and ( decodertab.udp[p.udp_dport] or Decoders.udp[p.udp_dport] ) ) then
if ( not(decodertab.udp[p.udp_dport]) ) then
decodertab.udp[p.udp_dport] = Decoders.udp[p.udp_dport]:new()
end
decodertab.udp[p.udp_dport]:process(data)
-- The packet was decoded successfully but we don't have a valid decoder
-- Report this
elseif ( p and p.udp_dport ) then
stdnse.print_debug(2, "No decoder for dst port %d", p.udp_dport)
-- we don't have a packet, so this is most likely something layer2 based
-- in that case, check the ether Decoder table for pattern matches
else
-- attempt to find a match for a pattern
local pos, hex = bin.unpack("H" .. #data, data)
local decoded = false
for match, _ in pairs(Decoders.ether) do
-- attempts to match the "raw" packet against a filter
-- supplied in each ethernet packet decoder
if ( hex:match(match) ) then
if ( not(decodertab.ether[match]) ) then
decodertab.ether[match] = Decoders.ether[match]:new()
end
-- start a new decoding thread. This way, if something gets foobared
-- the whole script doesn't break, only the packet decoding for that
-- specific packet.
stdnse.new_thread( decodertab.ether[match].process, decodertab.ether[match], data )
decoded = true
end
end
-- no decoder was found for this layer2 packet
if ( not(decoded) and #data > 10 ) then
stdnse.print_debug(2, "No decoder for packet hex: %s", select(2, bin.unpack("H10", data) ) )
end
end
end
end
condvar "signal"
end
---
-- Gets a list of available interfaces based on link and up filters
-- Interfaces are only added if they've got an ipv4 address
--
-- @param link string containing the link type to filter
-- @param up string containing the interface status to filter
-- @return result table containing tables of interfaces
-- each interface table has the following fields:
-- <code>name</code> containing the device name
-- <code>address</code> containing the device address
getInterfaces = function(link, up)
if( not(nmap.list_interfaces) ) then return end
local interfaces, err = nmap.list_interfaces()
local result
if ( not(err) ) then
for _, iface in ipairs(interfaces) do
if ( iface.link == link and
iface.up == up and
iface.address ) then
-- exclude ipv6 addresses for now
if ( not(iface.address:match(":")) ) then
result = result or {}
table.insert(result, { name = iface.device,
address = iface.address } )
end
end
end
end
return result
end
action = function()
local DECODERFILE = "nselib/data/packetdecoders.lua"
local iface = nmap.get_interface()
local interfaces = {}
-- was an interface supplied using the -e argument?
if ( iface ) then
local iinfo, err = nmap.get_interface_info(iface)
if ( not(iinfo.address) ) then
return "\n ERROR: The IP address of the interface could not be determined ..."
end
interfaces = { { name = iface, address = iinfo.address } }
else
-- no interface was supplied, attempt autodiscovery
interfaces = getInterfaces("ethernet", "up")
end
-- make sure we have at least one interface to start sniffing
if ( #interfaces == 0 ) then
return "\n ERROR: Could not determine any valid interfaces"
end
-- load the decoders from file
local status, Decoders = loadDecoders(DECODERFILE)
if ( not(status) ) then return "\n " .. Decoders end
-- create a local table to handle instantiated decoders
local decodertab = { udp = {}, ether = {} }
local condvar = nmap.condvar(decodertab)
local threads = {}
-- start a thread for each interface to sniff
for _, iface in ipairs(interfaces) do
local co = stdnse.new_thread(sniffInterface, iface, Decoders, decodertab)
threads[co] = true
end
-- wait for all threads to finish sniffing
repeat
condvar "wait"
for thread in pairs(threads) do
if coroutine.status(thread) == "dead" then
threads[thread] = nil
end
end
until next(threads) == nil
local out_outer = {}
-- create the results table
for proto, _ in pairs(decodertab) do
local out_inner = {}
for key, decoder in pairs(decodertab[proto]) do
table.insert( out_inner, decodertab[proto][key]:getResults() )
end
if ( #out_inner > 0 ) then
table.insert( out_outer, { name = proto, out_inner } )
end
end
return stdnse.format_output(true, out_outer)
end

2
scripts/script.db
View File

@@ -9,11 +9,13 @@ Entry { filename = "auth-spoof.nse", categories = { "malware", "safe", } }
Entry { filename = "backorifice-brute.nse", categories = { "auth", "intrusive", } }
Entry { filename = "backorifice-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "banner.nse", categories = { "discovery", "safe", } }
Entry { filename = "bittorrent-discovery.nse", categories = { "discovery", "safe", } }
Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
Entry { filename = "broadcast-db2-discover.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-dhcp-discover.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-dns-service-discovery.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-dropbox-listener.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-listener.nse", categories = { "safe", } }
Entry { filename = "broadcast-ms-sql-discover.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-netbios-master-browser.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-novell-locate.nse", categories = { "broadcast", "safe", } }