diff --git a/scripts/lltd-discovery.nse b/scripts/lltd-discovery.nse index 2e463286f..0e61cc472 100644 --- a/scripts/lltd-discovery.nse +++ b/scripts/lltd-discovery.nse @@ -24,8 +24,16 @@ http://www.microsoft.com/whdc/connect/Rally/LLTD-spec.mspx -- -- @output -- | lltd-discovery: --- | IP: 192.168.56.101 MAC: 08:00:27:cc:fe:36 IPv6: fe80:0000:0000:0000:c152:9853:f921:9b82 --- | IP: 192.168.56.102 MAC: 08:00:27:11:04:a9 IPv6: fe80:0000:0000:0000:a5cb:ae6f:1b5f:0595 +-- | 192.168.1.52 +-- | Hostname: Dell-PC +-- | Mac: 08:00:27:00:48:58 +-- | IPv6: fe80:0000:0000:0000:0000:0000:c0a8:0134 +-- | 192.168.1.22 +-- | Hostname: core +-- | Mac: 08:00:27:57:30:7f +-- | 192.168.1.33 +-- | Hostname: winxp-2b +-- | Mac: 08:00:27:79:fd:d2 -- |_ Use the newtargets script-arg to add the results as targets -- @@ -76,6 +84,7 @@ local parseHello = function(data) local mac = nil local ipv4 = nil local ipv6 = nil + local hostname = nil local pos = 1 pos = pos + 6 @@ -117,17 +126,26 @@ local parseHello = function(data) elseif t == 0x07 then -- IPv4 address ipv4 = string.format("%d.%d.%d.%d",v:byte(1),v:byte(2),v:byte(3),v:byte(4)), mac + + -- Machine Name (Hostname) + elseif t == 0x0f then + hostname = '' + -- Hostname is returned in unicode, but Lua doesn't support that, + -- so we skip 00 values. + for i=1, #v-1, 2 do + hostname = hostname .. string.char(v:byte(i)) + end end p = p + l - if ipv4 and ipv6 and mac then + if ipv4 and ipv6 and mac and hostname then break end end end - return ipv4, mac, ipv6 + return ipv4, mac, ipv6, hostname end --- Creates an LLTD Quick Discovery packet with the source MAC address 
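Review bot: In the `@@ -117,17 +126,26 @@` hunk, the new `t == 0x0f` branch copies the low byte of every two-byte unit of the TLV value straight into `hostname`, and that value comes from the captured packet. Control bytes such as newline or ESC, or the low half of a non-ASCII character, would therefore reach the script report unless the output layer escapes them. I would keep only printable ASCII whose high byte is zero and replace everything else with a placeholder, as sketched below. Collecting the characters in a table and joining once also avoids the repeated `..` in the loop. If this tree has a UTF-16 to UTF-8 helper in nselib, it could replace the hand-rolled loop, with the same filtering of non-printable characters applied afterwards. parseHello starts and ends outside this hunk, so how `v` is cut from the packet is not visible here.

```lua
elseif t == 0x0f then
  -- Machine name arrives as UTF-16LE from the responder; keep printable
  -- ASCII only and mark everything else, so packet bytes cannot inject
  -- control characters into the report.
  local chars = {}
  for i = 1, #v - 1, 2 do
    local lo, hi = v:byte(i, i + 1)
    if hi == 0 and lo >= 0x20 and lo < 0x7f then
      chars[#chars + 1] = string.char(lo)
    else
      chars[#chars + 1] = "?"
    end
  end
  hostname = table.concat(chars)
-- … unchanged: p = p + l and the early-exit check …
```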
@@ -180,7 +198,7 @@ local LLTDDiscover = function(if_table, lltd_responders, timeout) local dnet = nmap.new_dnet() local try = nmap.new_try(function() dnet:ethernet_close() pcap:close() end) - pcap:pcap_open(if_table.device, 104, false, "") + pcap:pcap_open(if_table.device, 256, false, "") try(dnet:ethernet_open(if_table.device)) local packet = QuickDiscoveryPacket(if_table.mac) @@ -197,12 +215,13 @@ local LLTDDiscover = function(if_table, lltd_responders, timeout) if stdnse.tohex(packet:sub(13,14)) == "88d9" then start_s = os.time() - local ipv4, mac, ipv6 = parseHello(packet) + local ipv4, mac, ipv6, hostname = parseHello(packet) if ipv4 then if not lltd_responders[ipv4] then lltd_responders[ipv4] = {} lltd_responders[ipv4].mac = mac + lltd_responders[ipv4].hostname = hostname lltd_responders[ipv4].ipv6 = ipv6 end end 
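Review bot: The new capture length `256` in the `@@ -180,7 +198,7 @@` hunk is a bare literal, with nothing to say why that figure is enough for a Hello frame that now has to include the Machine Name TLV. Assuming the second argument is the snaplen, pcap cuts any longer frame, and parseHello (outside this hunk) would then see a TLV whose declared length exceeds the captured bytes. It is worth confirming that the 0x0f branch copes with a short or empty `v`. Once the figure is checked against the spec, a comment on the call would record the reasoning, for example `-- snaplen: Ethernet + LLTD headers + Hello TLVs up to Machine Name (0x0f)`.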
@@ -284,27 +303,24 @@ action = function() -- generate output local output = {} - if target.ALLOW_NEW_TARGETS then - for ip_addr, info in pairs(lltd_responders) do - target.add(ip_addr) - local s = "IP: "..ip_addr..string.rep(" ",15-#ip_addr).." MAC: "..info.mac - if info.ipv6 then - s = s.." IPv6: ".. info.ipv6 - end - table.insert(output,s) - end - else - for ip_addr, info in pairs(lltd_responders) do - local s ="IP: "..ip_addr..string.rep(" ",15-#ip_addr).." MAC: "..info.mac - if info.ipv6 then - s = s .. " IPv6: ".. info.ipv6 - end - table.insert(output,s) - end - if #output>0 then - table.insert(output,"Use the newtargets script-arg to add the results as targets") - end + for ip_addr, info in pairs(lltd_responders) do + if target.ALLOW_NEW_TARGETS then target.add(ip_addr) end + + local s = {} + s.name = ip_addr + if info.hostname then + table.insert(s, "Hostname: " .. info.hostname) + end + if info.mac then + table.insert(s, "Mac: " .. info.mac) + end + if info.ipv6 then + table.insert(s, "IPv6: " .. info.ipv6) + end + table.insert(output,s) + end + if #output>0 and not target.ALLOW_NEW_TARGETS then + table.insert(output,"Use the newtargets script-arg to add the results as targets") end - return stdnse.format_output( (#output>0), output ) end diff --git a/scripts/tls-nextprotoneg.nse b/scripts/tls-nextprotoneg.nse index e41936949..4261201ad 100644 --- a/scripts/tls-nextprotoneg.nse +++ b/scripts/tls-nextprotoneg.nse @@ -122,6 +122,7 @@ local check_npn = function(response) "spdy/2", "spdy/1", "http/1.1", + "http1.1", } if not response then
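Review bot: `target.add(ip_addr)` in the `@@ -284,27 +303,24 @@` hunk queues an address that, judging by the parseHello lines visible earlier in this diff, is formatted from the responder's own IPv4 TLV (0x07) and keyed into `lltd_responders` unchecked. With newtargets set, the address a Hello frame reports about itself therefore decides what gets scanned next. The rewritten loop is the natural place to say so, for instance `-- ip_addr is self-reported in the Hello TLV and is not checked against the capture interface's subnet`, or to add that check before calling `target.add`. Separately, `pairs(lltd_responders)` has no defined order, so the new per-host blocks can appear in a different order on each run; iterating over sorted keys would keep the report stable. action's body begins outside this hunk.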
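Review bot: The added `"http1.1"` entry in tls-nextprotoneg.nse sits directly under `"http/1.1"` with no comment, so a later reader is likely to take it for a typo and remove it. If it is there because some servers advertise that non-standard token (not stated in the hunk), a trailing comment would protect it: `"http1.1", -- non-standard spelling seen from some servers`. check_npn continues outside the hunk, so how the list is matched against the response is not visible here.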