
Add murmur-version script from Marin Maržić.

http://seclists.org/nmap-dev/2012/q4/408
david
2012-12-11 05:34:01 +00:00
parent 70ac55c67b
commit eef7155ee1
3 changed files with 83 additions and 0 deletions


@@ -1,5 +1,9 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Added murmur-version by Marin Maržić. This gets teh server
version and other information for Murmur, the server for the Mumble
VoIP system.
o [Zenmap] Fixed a crash that could be caused by opening the About o [Zenmap] Fixed a crash that could be caused by opening the About
dialog, using the window manager to close it, and opening it again. dialog, using the window manager to close it, and opening it again.
This was reported by Yashartha Chaturvedi and Jordan Schroeder. This was reported by Yashartha Chaturvedi and Jordan Schroeder.


@@ -0,0 +1,78 @@
local bin = require "bin"
local comm = require "comm"
local shortport = require "shortport"
description = [[
Detects the Murmur service (server for the Mumble voice communication
client) version 1.2.0 and above.
The Murmur server listens on a TCP (control) and an UDP (voice) port
with the same port number. This script activates on both a TCP and UDP
port version scan. In both cases probe data is sent only to the UDP
port because it allows for a simple and informative ping command.
The single probe will report on the server version, current user
count, maximum users allowed on the server, and bandwidth used for
voice communication. It is used by the Mumble client to ping known
Murmur servers.
The IP address from which service detection is being ran will most
likely be temporarily banned by the target Murmur server due to
multiple incorrect handshakes (Nmap service probes). This ban makes
identifying the service via TCP impossible in practice, but does not
affect the UDP probe used by this script.
It is possible to get a corrupt user count (usually +1) when doing a
TCP service scan due to previous service probe connections affecting
the server.
]]
-- @output
-- PORT STATE SERVICE VERSION
-- 64740/tcp open murmur Murmur 1.2.4 (Voice comm. server for Mumble (control port) (users: 35, max. users: 100, bandwidth: 72000 bit/s))
-- 64740/udp open murmur Murmur 1.2.4 (Voice comm. server for Mumble (voice port) (users: 35, max. users: 100, bandwidth: 72000 bit/s))
author = "Marin Maržić"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = { "version" }
portrule = function(host, port)
return (port.service == nil or port.service == "" or
port.service == "unknown")
and (port.state == "open" or port.state == "open|filtered")
and not shortport.port_is_excluded(port.number, "udp")
end
action = function(host, port)
local status, result = comm.exchange(
host, port, "\0\0\0\0abcdefgh", { proto = "udp", timeout = 3000 })
if (not status) then
return
end
if not string.match(result, "^%z...abcdefgh............$") then
return
end
-- Detected; extract relevant data
local _, v_a, v_b, v_c, _, users, maxusers, bandwidth = bin.unpack(
">CCCLIII", result, 2)
port.version.name = "murmur"
port.version.name_confidence = 10
port.version.product = "Murmur"
port.version.version = v_a .. "." .. v_b .. "." .. v_c
-- Set extra info depending on protocol and set port state to "open" if UDP
if port.protocol == "tcp" then
portinfo = "control"
else
portinfo = "voice"
nmap.set_port_state(host, port, "open")
end
port.version.extrainfo = "Voice comm. server for Mumble (" .. portinfo ..
" port) (users: " .. users .. ", max. users: " .. maxusers ..
", bandwidth: " .. bandwidth .. " bit/s)"
nmap.set_port_version(host, port, "hardmatched")
return
end
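Review bot: `portinfo` is assigned inside `action` without a `local` declaration, so it leaks into the script's global environment (or trips a strict-globals check, if the NSE loader enforces one); declaring `local portinfo` just before the `if port.protocol == "tcp" then` branch fixes it. The same function calls `nmap.set_port_state` and `nmap.set_port_version`, but the header only requires `bin`, `comm` and `shortport`, so the script depends on `nmap` being an ambient global; adding `local nmap = require "nmap"` next to the other requires would make that dependency explicit. Separately, on a TCP port the script sets `name_confidence = 10` and `"hardmatched"` from a reply that came from the UDP port with the same number, which is evidence about the UDP service only. A short comment stating that assumption, or a lower confidence for the TCP case, would keep scan results from overstating what was actually observed.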


@@ -269,6 +269,7 @@ Entry { filename = "ms-sql-tables.nse", categories = { "discovery", "safe", } }
Entry { filename = "ms-sql-xp-cmdshell.nse", categories = { "intrusive", } } Entry { filename = "ms-sql-xp-cmdshell.nse", categories = { "intrusive", } }
Entry { filename = "msrpc-enum.nse", categories = { "discovery", "safe", } } Entry { filename = "msrpc-enum.nse", categories = { "discovery", "safe", } }
Entry { filename = "mtrace.nse", categories = { "broadcast", "discovery", "safe", } } Entry { filename = "mtrace.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "murmur-version.nse", categories = { "version", } }
Entry { filename = "mysql-audit.nse", categories = { "discovery", "safe", } } Entry { filename = "mysql-audit.nse", categories = { "discovery", "safe", } }
Entry { filename = "mysql-brute.nse", categories = { "brute", "intrusive", } } Entry { filename = "mysql-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mysql-databases.nse", categories = { "discovery", "intrusive", } } Entry { filename = "mysql-databases.nse", categories = { "discovery", "intrusive", } }