diff --git a/CHANGELOG b/CHANGELOG
index 41c27e387..a9ff7bc16 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [NSE] Added epmd-info.nse, which gets a list of Erlang node port
+ numbers. [Toni Ruottu]
+
 o [NSE] Added http-affiliate-id.nse, which scrapes a web page for affiliate IDs (like Google AdSense and Amazon associates) that can be used to link sites to the same owner. [Hani Benhabiles, Daniel
diff --git a/scripts/epmd-info.nse b/scripts/epmd-info.nse
new file mode 100644
index 000000000..7df4cb544
--- /dev/null
+++ b/scripts/epmd-info.nse
@@ -0,0 +1,52 @@
+description = [[
+Connects to Erlang Port Mapper Daemon (epmd) and retrieves a list of nodes with their respective port numbers.
+]]
+
+---
+-- @usage
+-- nmap -p 4369 --script epmd-info
+--
+-- @output
+-- PORT STATE SERVICE
+-- 4369/tcp open epmd
+-- | epmd-info.nse:
+-- | epmd running on port 4369
+-- | name rabbit at port 36804
+-- |_ name ejabberd at port 46540
+
+author = "Toni Ruottu"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"default", "discovery", "safe"}
+require "shortport"
+require "bin"
+
+portrule = shortport.port_or_service (4369, "epmd")
+
+local NAMESREQ = 110
+
+action = function(host, port)
+ local socket = nmap.new_socket()
+ local status, err = socket:connect(host.ip, port.number)
+ if not status then
+ return {}
+ end
+ local payload = bin.pack("C", NAMESREQ)
+ local probe = bin.pack(">SA", #payload, payload)
+ socket:send(probe)
+ local status = true
+ local data = ""
+ local tmp = ""
+ while status do
+ data = data .. tmp
+ status, tmp = socket:receive()
+ end
+ pos, realport = bin.unpack(">I", data)
+ nodestring = string.sub(data, pos, -2)
+ nodes = stdnse.strsplit("\n", nodestring)
+ local response = {}
+ table.insert(response, 'epmd running on port ' .. realport)
+ for _, node in ipairs(nodes) do
+ table.insert(response, node)
+ end
+ return stdnse.format_output(true, response)
+end
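Review bot: `bin.unpack(">I", data)` in the new epmd-info.nse action is applied without checking that at least four bytes came back, so a listener on 4369 that is not epmd (or one that closes the connection immediately) leaves `realport` nil and the `'epmd running on port ' .. realport` concatenation on the following line aborts the script with a Lua error instead of producing no output; the socket is also never closed on either path. After the receive loop I would add `socket:close()`, `if #data < 4 then return nil end` and `local pos, realport = bin.unpack(">I", data)`. While there, `nodestring` and `nodes` are assigned as undeclared globals, the second `local status = true` shadows the earlier `status`, and `err` is never used — declaring the three locals and dropping `err` would make luacheck clean. The script calls `stdnse.strsplit` and `stdnse.format_output` but only requires `shortport` and `bin`; if this NSE version does not expose `stdnse` globally, a `require "stdnse"` is missing.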
diff --git a/scripts/script.db b/scripts/script.db
index d1a76661a..51d541a04 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -39,6 +39,7 @@ Entry { filename = "domino-enum-users.nse", categories = { "auth", "intrusive",
 Entry { filename = "dpap-brute.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "drda-brute.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "drda-info.nse", categories = { "discovery", "safe", "version", } }
+Entry { filename = "epmd-info.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "finger.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "firewalk.nse", categories = { "discovery", "safe", } }
 Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }