PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 05:01:29 +00:00
Code Issues Projects Releases Wiki Activity

New MQTT script and library. Closes #352

Browse Source
This commit is contained in:
dmiller
2016-09-07 20:01:47 +00:00
parent 7e002ec389
commit ee97c8f2a9
6 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE][GH#352] New script: mqtt-subscribe connects to a MQTT broker, subscribes to
topics, and lists the messages received. [Mak Kolybabi]
o [NSE] New script: fox-info retrieves detailed version and configuration info o [NSE] New script: fox-info retrieves detailed version and configuration info
from Tridium Niagara Fox services. [Stephen Hilt] from Tridium Niagara Fox services. [Stephen Hilt]

13
nmap-service-probes
View File

@@ -12303,7 +12303,7 @@ softmatch ftp m|^220[\s-].*ftp[^\r]*\r\n214[\s-]|i
# TLSv1-only servers, based on a failed handshake alert. # TLSv1-only servers, based on a failed handshake alert.
Probe TCP SSLSessionReq q|\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\x82{\xb9\xd5\x96\xc8w\x9b\xe6\xc4\xdb<=\xdbo\xef\x10n\0\0(\0\x16\0\x13\0\x0a\0f\0\x05\0\x04\0e\0d\0c\0b\0a\0`\0\x15\0\x12\0\x09\0\x14\0\x11\0\x08\0\x06\0\x03\x01\0| Probe TCP SSLSessionReq q|\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\x82{\xb9\xd5\x96\xc8w\x9b\xe6\xc4\xdb<=\xdbo\xef\x10n\0\0(\0\x16\0\x13\0\x0a\0f\0\x05\0\x04\0e\0d\0c\0b\0a\0`\0\x15\0\x12\0\x09\0\x14\0\x11\0\x08\0\x06\0\x03\x01\0|
rarity 1 rarity 1
ports 322,443,444,465,548,636,989,990,992,993,994,995,1241,1311,1443,2000,2252,2443,3443,4433,4443,4444,4911,5061,5443,5550,6443,7210,7272,7443,8009,8181,8194,8443,9001,9443,10443,14443,44443,60443 ports 322,443,444,465,548,636,989,990,992,993,994,995,1241,1311,1443,2000,2252,2443,3443,4433,4443,4444,4911,5061,5443,5550,6443,7210,7272,7443,8009,8181,8194,8443,8883,9001,9443,10443,14443,44443,60443
fallback GetRequest fallback GetRequest
match adabas m|^,\0,\0\x03\x02\0\0G\xd7\xf7\xbaO\x03\0\?\x05\0\0\0\0\x02\x18\0\xfd\x0b\0\0<=\xdbo\xef\x10n \xd5\x96\xc8w\x9b\xe6\xc4\xdb$| p/ADABAS database/ match adabas m|^,\0,\0\x03\x02\0\0G\xd7\xf7\xbaO\x03\0\?\x05\0\0\0\0\x02\x18\0\xfd\x0b\0\0<=\xdbo\xef\x10n \xd5\x96\xc8w\x9b\xe6\xc4\xdb$| p/ADABAS database/
@@ -12489,7 +12489,7 @@ match xamarin m|^ERROR: Another instance is running\n| p/Xamarin MonoTouch/
Probe TCP TLSSessionReq q|\x16\x03\0\0\x69\x01\0\0\x65\x03\x03U\x1c\xa7\xe4random1random2random3random4\0\0\x0c\0/\0\x0a\0\x13\x009\0\x04\0\xff\x01\0\0\x30\0\x0d\0,\0*\0\x01\0\x03\0\x02\x06\x01\x06\x03\x06\x02\x02\x01\x02\x03\x02\x02\x03\x01\x03\x03\x03\x02\x04\x01\x04\x03\x04\x02\x01\x01\x01\x03\x01\x02\x05\x01\x05\x03\x05\x02| Probe TCP TLSSessionReq q|\x16\x03\0\0\x69\x01\0\0\x65\x03\x03U\x1c\xa7\xe4random1random2random3random4\0\0\x0c\0/\0\x0a\0\x13\x009\0\x04\0\xff\x01\0\0\x30\0\x0d\0,\0*\0\x01\0\x03\0\x02\x06\x01\x06\x03\x06\x02\x02\x01\x02\x03\x02\x02\x03\x01\x03\x03\x03\x02\x04\x01\x04\x03\x04\x02\x01\x01\x01\x03\x01\x02\x05\x01\x05\x03\x05\x02|
rarity 1 rarity 1
# port 3389 not listed because we can't figure out what to send to it after negotiating TLS # port 3389 not listed because we can't figure out what to send to it after negotiating TLS
ports 443,444,465,636,989,990,992,993,994,995,1241,1311,2252,4433,4444,5061,6679,6697,8443,9001 ports 443,444,465,636,989,990,992,993,994,995,1241,1311,2252,4433,4444,5061,6679,6697,8443,8883,9001
fallback GetRequest fallback GetRequest
# SSLv3 - TLSv1.2 ServerHello # SSLv3 - TLSv1.2 ServerHello
@@ -14972,3 +14972,12 @@ sslports 4911
match niagara-fox m|^fox a 0 -1 fox hello\n\{\nfox\.version=s:([\d.]+)\nid=i:\d+.*\napp\.name=s:Station\napp\.version=s:([\d.]+)\n|s p/Tridium Niagara/ v/$2/ i/fox version $1/ match niagara-fox m|^fox a 0 -1 fox hello\n\{\nfox\.version=s:([\d.]+)\nid=i:\d+.*\napp\.name=s:Station\napp\.version=s:([\d.]+)\n|s p/Tridium Niagara/ v/$2/ i/fox version $1/
softmatch niagara-fox m|^fox a 0| softmatch niagara-fox m|^fox a 0|
##############################NEXT PROBE##############################
# MQTT v3.1.1 CONNECT
Probe TCP mqtt q|\x10\x10\x00\x04MQTT\x04\x02\x00\x1e\x00\x04nmap|
rarity 9
ports 1883
sslports 8883
match mqtt m|^\x20\x02\x00.$|

2
nmap-services
View File

@@ -2628,6 +2628,7 @@ canocentral0 1871/udp 0.000330 # Cano Central 0
fjmpjps 1873/udp 0.000330 # Fjmpjps fjmpjps 1873/udp 0.000330 # Fjmpjps
westell-stats 1875/tcp 0.000152 # westell stats westell-stats 1875/tcp 0.000152 # westell stats
westell-stats 1875/udp 0.000330 # westell stats westell-stats 1875/udp 0.000330 # westell stats
mqtt 1883/tcp 0.000330 # Message Queuing Telemetry Transport Protocol
ibm-mqisdp 1883/udp 0.000330 # IBM MQSeries SCADA ibm-mqisdp 1883/udp 0.000330 # IBM MQSeries SCADA
idmaps 1884/udp 0.000661 # Internet Distance Map Svc idmaps 1884/udp 0.000661 # Internet Distance Map Svc
vrtstrapserver 1885/udp 0.003304 # Veritas Trap Server vrtstrapserver 1885/udp 0.003304 # Veritas Trap Server
@@ -5591,6 +5592,7 @@ unknown 8878/tcp 0.000076
unknown 8879/tcp 0.000076 unknown 8879/tcp 0.000076
cddbp-alt 8880/tcp 0.000076 # CDDBP cddbp-alt 8880/tcp 0.000076 # CDDBP
unknown 8882/tcp 0.000076 unknown 8882/tcp 0.000076
secure-mqtt 8883/tcp 0.000076 # Secure MQTT
unknown 8885/udp 0.000330 unknown 8885/udp 0.000330
unknown 8886/udp 0.000330 unknown 8886/udp 0.000330
unknown 8887/tcp 0.000076 unknown 8887/tcp 0.000076

1
nselib/shortport.lua
View File

@@ -202,6 +202,7 @@ local LIKELY_SSL_PORTS = {
6697, 6697,
8443, -- https-alt 8443, -- https-alt
9001, -- tor-orport 9001, -- tor-orport
8883, -- secure-mqtt
} }
local LIKELY_SSL_SERVICES = { local LIKELY_SSL_SERVICES = {
"ftps", "ftps-data", "ftps-control", "https", "https-alt", "imaps", "ircs", "ftps", "ftps-data", "ftps-control", "https", "https-alt", "imaps", "ircs",

1
nselib/unittest.lua
View File

@@ -78,6 +78,7 @@ local libs = {
"membase", "membase",
"mobileme", "mobileme",
"mongodb", "mongodb",
"mqtt",
"msrpc", "msrpc",
"msrpcperformance", "msrpcperformance",
"msrpctypes", "msrpctypes",

1
scripts/script.db
View File

@@ -318,6 +318,7 @@ Entry { filename = "modbus-discover.nse", categories = { "discovery", "intrusive
Entry { filename = "mongodb-brute.nse", categories = { "brute", "intrusive", } } Entry { filename = "mongodb-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mongodb-databases.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "mongodb-databases.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "mongodb-info.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "mongodb-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "mqtt-subscribe.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "mrinfo.nse", categories = { "broadcast", "discovery", "safe", } } Entry { filename = "mrinfo.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "ms-sql-brute.nse", categories = { "brute", "intrusive", } } Entry { filename = "ms-sql-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ms-sql-config.nse", categories = { "discovery", "safe", } } Entry { filename = "ms-sql-config.nse", categories = { "discovery", "safe", } }