New MQTT script and library. Closes #352

2025-12-06 12:41:29 +00:00 · 2016-09-07 20:01:47 +00:00
parent 7e002ec389
commit ee97c8f2a9
6 changed files with 19 additions and 2 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o [NSE][GH#352] New script: mqtt-subscribe connects to a MQTT broker, subscribes to
+  topics, and lists the messages received. [Mak Kolybabi]
+
 o [NSE] New script: fox-info retrieves detailed version and configuration info
  from Tridium Niagara Fox services. [Stephen Hilt]

--- a/13
+++ b/13
@@ -12303,7 +12303,7 @@ softmatch ftp m|^220[\s-].*ftp[^\r]*\r\n214[\s-]|i
 # TLSv1-only servers, based on a failed handshake alert.
 Probe TCP SSLSessionReq q|\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\x82{\xb9\xd5\x96\xc8w\x9b\xe6\xc4\xdb<=\xdbo\xef\x10n\0\0(\0\x16\0\x13\0\x0a\0f\0\x05\0\x04\0e\0d\0c\0b\0a\0`\0\x15\0\x12\0\x09\0\x14\0\x11\0\x08\0\x06\0\x03\x01\0|
 rarity 1
-ports 322,443,444,465,548,636,989,990,992,993,994,995,1241,1311,1443,2000,2252,2443,3443,4433,4443,4444,4911,5061,5443,5550,6443,7210,7272,7443,8009,8181,8194,8443,9001,9443,10443,14443,44443,60443
+ports 322,443,444,465,548,636,989,990,992,993,994,995,1241,1311,1443,2000,2252,2443,3443,4433,4443,4444,4911,5061,5443,5550,6443,7210,7272,7443,8009,8181,8194,8443,8883,9001,9443,10443,14443,44443,60443
 fallback GetRequest

 match adabas m|^,\0,\0\x03\x02\0\0G\xd7\xf7\xbaO\x03\0\?\x05\0\0\0\0\x02\x18\0\xfd\x0b\0\0<=\xdbo\xef\x10n \xd5\x96\xc8w\x9b\xe6\xc4\xdb$| p/ADABAS database/
@@ -12489,7 +12489,7 @@ match xamarin m|^ERROR: Another instance is running\n| p/Xamarin MonoTouch/
 Probe TCP TLSSessionReq q|\x16\x03\0\0\x69\x01\0\0\x65\x03\x03U\x1c\xa7\xe4random1random2random3random4\0\0\x0c\0/\0\x0a\0\x13\x009\0\x04\0\xff\x01\0\0\x30\0\x0d\0,\0*\0\x01\0\x03\0\x02\x06\x01\x06\x03\x06\x02\x02\x01\x02\x03\x02\x02\x03\x01\x03\x03\x03\x02\x04\x01\x04\x03\x04\x02\x01\x01\x01\x03\x01\x02\x05\x01\x05\x03\x05\x02|
 rarity 1
 # port 3389 not listed because we can't figure out what to send to it after negotiating TLS
-ports 443,444,465,636,989,990,992,993,994,995,1241,1311,2252,4433,4444,5061,6679,6697,8443,9001
+ports 443,444,465,636,989,990,992,993,994,995,1241,1311,2252,4433,4444,5061,6679,6697,8443,8883,9001
 fallback GetRequest

 # SSLv3 - TLSv1.2 ServerHello
@@ -14972,3 +14972,12 @@ sslports 4911

 match niagara-fox m|^fox a 0 -1 fox hello\n\{\nfox\.version=s:([\d.]+)\nid=i:\d+.*\napp\.name=s:Station\napp\.version=s:([\d.]+)\n|s p/Tridium Niagara/ v/$2/ i/fox version $1/
 softmatch niagara-fox m|^fox a 0|
+
+##############################NEXT PROBE##############################
+# MQTT v3.1.1 CONNECT
+Probe TCP mqtt q|\x10\x10\x00\x04MQTT\x04\x02\x00\x1e\x00\x04nmap|
+rarity 9
+ports 1883
+sslports 8883
+
+match mqtt m|^\x20\x02\x00.$|
--- a/2
+++ b/2
@@ -2628,6 +2628,7 @@ canocentral0	1871/udp	0.000330	# Cano Central 0
 fjmpjps	1873/udp	0.000330	# Fjmpjps
 westell-stats	1875/tcp	0.000152	# westell stats
 westell-stats	1875/udp	0.000330	# westell stats
+mqtt	1883/tcp	0.000330	# Message Queuing Telemetry Transport Protocol
 ibm-mqisdp	1883/udp	0.000330	# IBM MQSeries SCADA
 idmaps	1884/udp	0.000661	# Internet Distance Map Svc
 vrtstrapserver	1885/udp	0.003304	# Veritas Trap Server
@@ -5591,6 +5592,7 @@ unknown	8878/tcp	0.000076
 unknown	8879/tcp	0.000076
 cddbp-alt	8880/tcp	0.000076	# CDDBP
 unknown	8882/tcp	0.000076
+secure-mqtt	8883/tcp	0.000076	# Secure MQTT
 unknown	8885/udp	0.000330
 unknown	8886/udp	0.000330
 unknown	8887/tcp	0.000076
--- a/nselib/shortport.lua
+++ b/nselib/shortport.lua
@@ -202,6 +202,7 @@ local LIKELY_SSL_PORTS = {
  6697,
  8443, -- https-alt
  9001, -- tor-orport
+  8883, -- secure-mqtt
 }
 local LIKELY_SSL_SERVICES = {
  "ftps", "ftps-data", "ftps-control", "https", "https-alt", "imaps", "ircs",
--- a/nselib/unittest.lua
+++ b/nselib/unittest.lua
@@ -78,6 +78,7 @@ local libs = {
 "membase",
 "mobileme",
 "mongodb",
+"mqtt",
 "msrpc",
 "msrpcperformance",
 "msrpctypes",
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -318,6 +318,7 @@ Entry { filename = "modbus-discover.nse", categories = { "discovery", "intrusive
 Entry { filename = "mongodb-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "mongodb-databases.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "mongodb-info.nse", categories = { "default", "discovery", "safe", } }
+Entry { filename = "mqtt-subscribe.nse", categories = { "discovery", "safe", "version", } }
 Entry { filename = "mrinfo.nse", categories = { "broadcast", "discovery", "safe", } }
 Entry { filename = "ms-sql-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "ms-sql-config.nse", categories = { "discovery", "safe", } }