PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-08 13:41:29 +00:00
Code Issues Projects Releases Wiki Activity

Add jdwp-version.nse from Michael Schierl.

Browse Source
This commit is contained in:
david
2010-03-18 00:08:30 +00:00
parent ff69b9722e
commit b7b14216e2
3 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -2,6 +2,9 @@
[NOT YET RELEASED] [NOT YET RELEASED]
o [NSE] Added jdwp-version.nse, a script from Michael Schierl that
finds the version of a Java Debug Wire Protocol server.
o Fixed the packaging of x64 versions of WinPcap drivers in the o Fixed the packaging of x64 versions of WinPcap drivers in the
winpcap-nmap installer. 64-bit applications that used WinPcap (like winpcap-nmap installer. 64-bit applications that used WinPcap (like
Wireshark) would fail. [Rob Nicholls] Wireshark) would fail. [Rob Nicholls]

48
scripts/jdwp-version.nse Normal file
View File

@@ -0,0 +1,48 @@
description = [[
Detects the Java Debug Wire Protocol. This protocol is used by Java programs
to be debugged via the network. It should not be open to the public internet,
as it does not provide any security against malicious attackers who can inject
their own bytecode into the debugged process.
Documentation for JDWP is available at
http://java.sun.com/javase/6/docs/technotes/guides/jpda/jdwp-spec.html
]]
author = "Michael Schierl <schierlm@gmx.de>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"version"}
require "comm"
portrule = function(host, port)
-- JDWP will close the port if there is no valid handshake within 2
-- seconds, Service detection's NULL probe detects it as tcpwrapped.
return port.service == "tcpwrapped"
and port.protocol == "tcp" and port.state == "open"
end
action = function(host, port)
-- make sure we get at least one more packet after the JDWP-Handshake
-- response even if there is some delay; the handshake resonse has 14
-- bytes, so wait for 18 bytes here.
local status, result = comm.exchange(host, port, "JDWP-Handshake\0\0\0\11\0\0\0\1\0\1\1", {proto="tcp", bytes=18})
if (not status) then
return
end
-- match jdwp m|JDWP-Handshake| p/$1/ v/$3/ i/$2\n$4/
local match = {string.match(result, "^JDWP%-Handshake%z%z..%z%z%z\1\128%z%z%z%z..([^%z\n]*)\n([^%z]*)%z%z..%z%z..%z%z..([0-9._]+)%z%z..([^%z]*)")}
if match == nil then
-- if we have one \128 (reply marker), it is at least not echo because the request did not contain \128
if (string.match(result,"^JDWP%-Handshake%z.*\128") ~= nil) then
port.version.name="jdwp"
port.version.product="unknown"
nmap.set_port_version(host, port, "hardmatched")
end
return
end
port.version.name="jdwp"
port.version.product = match[1]
port.version.version = match[3]
-- port.version.extrainfo = match[2] .. "\n" .. match[4]
nmap.set_port_version(host, port, "hardmatched")
return
end

1
scripts/script.db
View File

@@ -42,6 +42,7 @@ Entry { filename = "iax2-version.nse", categories = { "version", } }
Entry { filename = "imap-capabilities.nse", categories = { "default", "safe", } } Entry { filename = "imap-capabilities.nse", categories = { "default", "safe", } }
Entry { filename = "ipidseq.nse", categories = { "discovery", "safe", } } Entry { filename = "ipidseq.nse", categories = { "discovery", "safe", } }
Entry { filename = "irc-info.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "irc-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "jdwp-version.nse", categories = { "version", } }
Entry { filename = "ldap-brute.nse", categories = { "auth", "intrusive", } } Entry { filename = "ldap-brute.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ldap-rootdse.nse", categories = { "discovery", "safe", } } Entry { filename = "ldap-rootdse.nse", categories = { "discovery", "safe", } }
Entry { filename = "ldap-search.nse", categories = { "discovery", "safe", } } Entry { filename = "ldap-search.nse", categories = { "discovery", "safe", } }