Add murmur-version script from Marin Maržić.

http://seclists.org/nmap-dev/2012/q4/408

CHANGELOG

@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE] Added murmur-version by Marin Maržić. This gets teh server
+  version and other information for Murmur, the server for the Mumble
+  VoIP system.
+
 o [Zenmap] Fixed a crash that could be caused by opening the About
   dialog, using the window manager to close it, and opening it again.
   This was reported by Yashartha Chaturvedi and Jordan Schroeder.

scripts/murmur-version.nse

@@ -0,0 +1,78 @@
+local bin = require "bin"
+local comm = require "comm"
+local shortport = require "shortport"
+
+description = [[
+Detects the Murmur service (server for the Mumble voice communication
+client) version 1.2.0 and above.
+
+The Murmur server listens on a TCP (control) and an UDP (voice) port
+with the same port number. This script activates on both a TCP and UDP
+port version scan. In both cases probe data is sent only to the UDP
+port because it allows for a simple and informative ping command.
+
+The single probe will report on the server version, current user
+count, maximum users allowed on the server, and bandwidth used for
+voice communication. It is used by the Mumble client to ping known
+Murmur servers.
+
+The IP address from which service detection is being ran will most
+likely be temporarily banned by the target Murmur server due to
+multiple incorrect handshakes (Nmap service probes). This ban makes
+identifying the service via TCP impossible in practice, but does not
+affect the UDP probe used by this script.
+
+It is possible to get a corrupt user count (usually +1) when doing a
+TCP service scan due to previous service probe connections affecting
+the server.
+]]
+
+-- @output
+-- PORT      STATE SERVICE VERSION
+-- 64740/tcp open  murmur  Murmur 1.2.4 (Voice comm. server for Mumble (control port) (users: 35, max. users: 100, bandwidth: 72000 bit/s))
+-- 64740/udp open  murmur  Murmur 1.2.4 (Voice comm. server for Mumble (voice port) (users: 35, max. users: 100, bandwidth: 72000 bit/s))
+
+author = "Marin Maržić"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = { "version" }
+
+portrule = function(host, port)
+    return (port.service == nil or port.service == "" or
+            port.service == "unknown")
+        and (port.state == "open" or port.state == "open|filtered")
+        and not shortport.port_is_excluded(port.number, "udp")
+end
+
+action = function(host, port)
+    local status, result = comm.exchange(
+        host, port, "\0\0\0\0abcdefgh", { proto = "udp", timeout = 3000 })
+    if (not status) then
+        return
+    end
+
+    if not string.match(result, "^%z...abcdefgh............$") then
+        return
+    end
+    -- Detected; extract relevant data
+    local _, v_a, v_b, v_c, _, users, maxusers, bandwidth = bin.unpack(
+        ">CCCLIII", result, 2)
+
+    port.version.name = "murmur"
+    port.version.name_confidence = 10
+    port.version.product = "Murmur"
+    port.version.version = v_a .. "." .. v_b .. "." .. v_c
+    -- Set extra info depending on protocol and set port state to "open" if UDP
+    if port.protocol == "tcp" then
+        portinfo = "control"
+    else
+        portinfo = "voice"
+        nmap.set_port_state(host, port, "open")
+    end
+    port.version.extrainfo = "Voice comm. server for Mumble (" .. portinfo ..
+        " port) (users: " .. users .. ", max. users: " .. maxusers ..
+        ", bandwidth: " .. bandwidth .. " bit/s)"
+
+    nmap.set_port_version(host, port, "hardmatched")
+
+    return
+end

scripts/script.db

@@ -269,6 +269,7 @@ Entry { filename = "ms-sql-tables.nse", categories = { "discovery", "safe", } }
 Entry { filename = "ms-sql-xp-cmdshell.nse", categories = { "intrusive", } }
 Entry { filename = "msrpc-enum.nse", categories = { "discovery", "safe", } }
 Entry { filename = "mtrace.nse", categories = { "broadcast", "discovery", "safe", } }
+Entry { filename = "murmur-version.nse", categories = { "version", } }
 Entry { filename = "mysql-audit.nse", categories = { "discovery", "safe", } }
 Entry { filename = "mysql-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "mysql-databases.nse", categories = { "discovery", "intrusive", } }