PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-29 02:49:01 +00:00
Code Issues Projects Releases Wiki Activity

Add sstp-discover NSE script from Niklaus Schiess

Browse Source
This commit is contained in:
dmiller
2014-01-16 19:07:43 +00:00
parent 645ef2a0bd
commit a998d97216
2 changed files with 79 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
scripts/sstp-discover.nse Normal file
View File

@@ -0,0 +1,75 @@
local nmap = require 'nmap'
local comm = require 'comm'
local string = require 'string'
local stdnse = require 'stdnse'
local shortport = require 'shortport'
description = [[
Check if the Secure Socket Tunneling Protocol is supported. This is
accomplished by trying to establish the HTTPS layer which is used to
carry SSTP traffic as described in:
- http://msdn.microsoft.com/en-us/library/cc247364.aspx
Current SSTP server implementations:
- Microsoft Windows (Server 2008/Server 2012)
- MikroTik RouterOS
- SEIL (http://www.seil.jp)
]]
--SSTP specification:
-- _ http://msdn.microsoft.com/en-us/library/cc247338.aspx
--
--Info about the default URI (ServerUri):
-- - http://support.microsoft.com/kb/947054
--
--SSTP Remote Access Step-by-Step Guide: Deployment:
-- - http://technet.microsoft.com/de-de/library/cc731352(v=ws.10).aspx
--
--SSTP enabled hosts (for testing purposes):
-- - http://billing.purevpn.com/sstp-manual-setup-hostname-list.php
author = "Niklaus Schiess <nschiess@adversec.com>"
categories = {'discovery', 'default'}
---
--@output
-- 443/tcp open https
-- |_sstp-discover: SSTP is supported.
--@xmloutput
-- true
-- SSTP negotiation response (Windows)
--
-- HTTP/1.1 200
-- Content-Length: 18446744073709551615
-- Server: Microsoft-HTTPAPI/2.0
-- Date: Fri, 01 Nov 2013 00:00:00 GMT
-- SSTP negotiation response (Mikrotik RouterOS)
--
-- HTTP/1.1 200
-- Content-Length: 18446744073709551615
-- Server: MikroTik-SSTP
-- Date: Fri, 01 Nov 2013 00:00:00 GMT
portrule = function(host, port)
return shortport.http(host, port) and shortport.ssl(host, port)
end
local request = 'SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75} HTTP/1.1\r\nHost: %s\r\nSSTPCORRELATIONID: {}\r\n\r\nContent-Length: 18446744073709551615\r\n\r\n'
action = function(host, port)
local socket, response = comm.tryssl(host,port,
string.format(request, host.targetname or host.ip),
{ timeout=3000, lines=4 })
if not socket then
stdnse.print_debug("%s: Problem establishing connection: %s", SCRIPT_NAME, response)
return nil
end
socket:close()
if string.match(response, 'HTTP/1.1 200') then
return true, 'SSTP is supported.'
end
return nil
end