mirror of https://github.com/nmap/nmap.git synced 2025-12-09 14:11:29 +00:00

Add epmd-info script from Toni Ruottu.

david
2011-04-04 18:28:33 +00:00
parent 8663bf9b17
commit d0ea18119c
3 changed files with 56 additions and 0 deletions


@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Added epmd-info.nse, which gets a list of Erlang node port
numbers. [Toni Ruottu]
o [NSE] Added http-affiliate-id.nse, which scrapes a web page for o [NSE] Added http-affiliate-id.nse, which scrapes a web page for
affiliate IDs (like Google AdSense and Amazon associates) that can affiliate IDs (like Google AdSense and Amazon associates) that can
be used to link sites to the same owner. [Hani Benhabiles, Daniel be used to link sites to the same owner. [Hani Benhabiles, Daniel

52
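--- a/scripts/epmd-info.nse
+++ b/scripts/epmd-info.nse
@@ -0,0 +1,52 @@
+description = [[
+Connects to Erlang Port Mapper Daemon (epmd) and retrieves a list of nodes with their respective port numbers.
+]]
+---
+-- @usage
+-- nmap -p 4369 --script epmd-info <target>
+--
+-- @output
+-- PORT STATE SERVICE
+-- 4369/tcp open epmd
+-- | epmd-info.nse:
+-- | epmd running on port 4369
+-- | name rabbit at port 36804
+-- |_ name ejabberd at port 46540
+author = "Toni Ruottu"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"default", "discovery", "safe"}
+require "shortport"
+require "bin"
+portrule = shortport.port_or_service (4369, "epmd")
+local NAMESREQ = 110
+action = function(host, port)
+local socket = nmap.new_socket()
+local status, err = socket:connect(host.ip, port.number)
+if not status then
+return {}
+end
+local payload = bin.pack("C", NAMESREQ)
+local probe = bin.pack(">SA", #payload, payload)
+socket:send(probe)
+local status = true
+local data = ""
+local tmp = ""
+while status do
+data = data .. tmp
+status, tmp = socket:receive()
+end
+pos, realport = bin.unpack(">I", data)
+nodestring = string.sub(data, pos, -2)
+nodes = stdnse.strsplit("\n", nodestring)
+local response = {}
+table.insert(response, 'epmd running on port ' .. realport)
+for _, node in ipairs(nodes) do
+table.insert(response, node)
+end
+return stdnse.format_output(true, response)
+end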
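Review bot: The reply from the remote service is used without any bounds or shape check: the `while status do` loop appends every `socket:receive()` result to `data` until a read fails, with no size cap and no `socket:close()`, and the result of `bin.unpack(">I", data)` is then used as the port without being checked. Because the script is in the `default` category it runs against whatever answers on 4369, so a short or empty reply most likely leaves `realport` nil and makes the `'epmd running on port ' .. realport` concatenation raise an error, while a peer that never stops sending grows `data` without limit. `pos`, `realport`, `nodestring` and `nodes` are also assigned without `local`, and the file calls `nmap` and `stdnse` without a `require` for either, so it presumably only works when something else has already loaded them. The sketch below caps the read, closes the socket, rejects replies shorter than the 4-byte port field and makes the variables local; the 65536-byte cap is an illustrative value, not one taken from the protocol.

```lua
-- … unchanged: connect, build and send the NAMESREQ probe …
local data = ""
while #data <= 65536 do -- illustrative cap on an untrusted reply
  local status, tmp = socket:receive()
  if not status then break end
  data = data .. tmp
end
socket:close()
if #data < 4 then
  return nil
end
local pos, realport = bin.unpack(">I", data)
local nodestring = string.sub(data, pos, -2)
local nodes = stdnse.strsplit("\n", nodestring)
-- … unchanged: build the response table and format the output …
```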


@@ -39,6 +39,7 @@ Entry { filename = "domino-enum-users.nse", categories = { "auth", "intrusive",
Entry { filename = "dpap-brute.nse", categories = { "auth", "intrusive", } } Entry { filename = "dpap-brute.nse", categories = { "auth", "intrusive", } }
Entry { filename = "drda-brute.nse", categories = { "auth", "intrusive", } } Entry { filename = "drda-brute.nse", categories = { "auth", "intrusive", } }
Entry { filename = "drda-info.nse", categories = { "discovery", "safe", "version", } } Entry { filename = "drda-info.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "epmd-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "finger.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "finger.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "firewalk.nse", categories = { "discovery", "safe", } } Entry { filename = "firewalk.nse", categories = { "discovery", "safe", } }
Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } } Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }