PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 04:09:01 +00:00
Code Issues Projects Releases Wiki Activity

New script weblogic-t3-info

Browse Source 
http://seclists.org/nmap-dev/2013/q4/74
This commit is contained in:
dmiller
2013-10-30 15:10:00 +00:00
parent 7e820465a5
commit af8874d66f
2 changed files with 76 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
scripts/script.db
View File

@@ -450,6 +450,7 @@ Entry { filename = "vnc-info.nse", categories = { "default", "discovery", "safe"
Entry { filename = "voldemort-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "vuze-dht-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "wdb-version.nse", categories = { "default", "discovery", "version", "vuln", } }
Entry { filename = "weblogic-t3-info.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "whois-domain.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "whois-ip.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "wsdd-discover.nse", categories = { "default", "discovery", "safe", } }

75
scripts/weblogic-t3-info.nse Normal file
View File

@@ -0,0 +1,75 @@
local comm = require "comm"
local string = require "string"
local shortport = require "shortport"
local nmap = require "nmap"
description = "Detect the T3 RMI protocol and Weblogic version"
author = "Alessandro ZANNI <alessandro.zanni@bt.com> and Daniel Miller"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default","safe","discovery","version"}
portrule = function(host, port)
if type(port.version) == "table" and port.version.name_confidence > 3 and port.version.product ~= nil then
return string.find(port.version.product, "WebLogic", 1, true)
end
return shortport.version_port_or_service({7001,7002,7003},"http")(host,port)
end
action = function(host, port)
local status, result = comm.exchange(host, port,
"t3 12.1.2\nAS:2048\nHL:19\n\n",
{proto=port.protocol, timeout=5000})
if (not status) then
return nil
end
local weblogic_version = string.match(result, "^HELO:(%d+%.%d+%.%d+%.%d+)%.")
local rval = nil
port.version = port.version or {}
local extrainfo = port.version.extrainfo
if extrainfo == nil then
extrainfo = ""
else
extrainfo = extrainfo .. "; "
end
if weblogic_version then
port.version.version = weblogic_version
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (WebLogic version: " .. weblogic_version .. ")"
elseif string.match(result, "^LGIN:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (handshake failed)"
elseif string.match(result, "^SERV:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (No such service)"
elseif string.match(result, "^UNAV:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (Service unavailable)"
elseif string.match(result, "^LICN:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (No license)"
elseif string.match(result, "^RESC:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (No resource)"
elseif string.match(result, "^VERS:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (Incompatible version)"
elseif string.match(result, "^CATA:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (Catastrophic failure)"
elseif string.match(result, "^CMND:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (No such command)"
end
if rval then
if port.version.product == nil then
port.version.product = "WebLogic application server"
end
nmap.set_port_version(host, port, "hardmatched")
end
return rval
end