From f4fb91912d975f20499b4d903a14491471522398 Mon Sep 17 00:00:00 2001 From: dmiller Date: Mon, 16 Nov 2020 21:41:46 +0000 Subject: [PATCH] New script port-states expands hidden port state summaries --- CHANGELOG | 4 ++ scripts/port-states.nse | 86 +++++++++++++++++++++++++++++++++++++++++ scripts/script.db | 1 + 3 files changed, 91 insertions(+) create mode 100644 scripts/port-states.nse diff --git a/CHANGELOG b/CHANGELOG index 137ae8e3f..2b4f70538 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,9 @@ #Nmap Changelog ($Id$); -*-text-*- +o New script port-states will print a list of ports that were found in each + state, including states that were summarized as "Not shown: X closed ports" + [Daniel Miller] + o New Nmap option --unique will prevent Nmap from scanning the same IP address twice, which can happen when different names resolve to the same address. [Daniel Miller] diff --git a/scripts/port-states.nse b/scripts/port-states.nse new file mode 100644 index 000000000..0460016fd --- /dev/null +++ b/scripts/port-states.nse 
@@ -0,0 +1,86 @@
+local table = require "table"
+local nmap = require "nmap"
+local stdnse = require "stdnse"
+
+description = [[
+Prints a list of ports found in each state.
+
+Nmap ordinarily summarizes "uninteresting" ports as "Not shown: 94 closed
+ports, 4 filtered ports" but users may want to know which ports were filtered
+vs which were closed. This script will expand these summaries into a list of
+ports and port ranges that were found in each state.
+]]
+
+---
+-- @output
+-- Host script results:
+-- | port-states:
+-- | tcp:
+-- | open: 22,631
+-- | closed: 7,9,13,21,23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152,9,17,19,49,53,67,69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024
+-- | udp:
+-- | open|filtered: 68,631,5353
+-- |_ closed: 7,9,17,19,49,53,67,69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024
+--
+-- @xmloutput
+--
+-- 22,631
+-- 7,9,13,21,23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152,9,17,19,49,53,67,69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024
+--
+--
+-- 68,631,5353
+-- 7,9,17,19,49,53,67,69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024
+--
+
+author = "Daniel Miller"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = { "safe" }
+
+-- the hostrule iterates over open ports for the host
+hostrule = function() return true end
+
+local states = {
+ "open",
+ "open|filtered",
+ "filtered",
+ "unfiltered",
+ "closed",
+ "closed|filtered"
+}
+local protos = {
+ "tcp", "udp", "sctp"
+}
+
+action = function(host)
+ local out = stdnse.output_table()
+ for _, p in ipairs(protos) do
+ local proto_out = stdnse.output_table()
+ for _, s in ipairs(states) do
+ local t = {}
+ local port = nmap.get_ports(host, nil, p, s)
+ while port do
+ local rstart = port.number
+ local prev
+ repeat
+ prev = port.number
+ port = nmap.get_ports(host, port, p, s)
+ if not port then break end
+ until (port.number > prev + 1)
+ if prev > rstart then
+ t[#t+1] = ("%d-%d"):format(rstart, prev)
+ else
+ t[#t+1] = tostring(rstart)
+ end
+ end
+ if #t > 0 then
+ proto_out[s] = table.concat(t, ",")
+ end
+ end
+ if #proto_out > 0 then
+ out[p] = proto_out
+ end
+ end
+ if #out > 0 then
+ return out
+ end
+end
diff --git a/scripts/script.db b/scripts/script.db
index 2b2965aa7..f46fe138c 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -426,6 +426,7 @@ Entry { filename = "pjl-ready-message.nse", categories = { "intrusive", } }
 Entry { filename = "pop3-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "pop3-capabilities.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "pop3-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
+Entry { filename = "port-states.nse", categories = { "safe", } }
 Entry { filename = "pptp-version.nse", categories = { "version", } }
 Entry { filename = "puppet-naivesigning.nse", categories = { "intrusive", "vuln", } }
 Entry { filename = "qconn-exec.nse", categories = { "exploit", "intrusive", "vuln", } }
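Review bot: The `@output` (and `@xmloutput`) example's tcp `closed` list appears to have the udp `closed` list pasted onto its end after `49152`: ports such as 53, 88, 5000, 32768 and 49152 occur twice and `1025-1029` is later followed by `1025-1030`, which the action cannot produce because it walks nmap.get_ports in ascending port order and folds adjacent numbers into one range, so the example should be trimmed to end at `49152`. The comment `-- the hostrule iterates over open ports for the host` does not describe the line beneath it, which returns true for every host regardless of ports; `-- Run on every host; the action enumerates all port states itself via nmap.get_ports.` would match what the code does. The emptiness checks `#proto_out > 0` and `#out > 0` depend on stdnse.output_table supplying a `__len` metamethod (the tables hold only string keys), which deserves a one-line comment such as `-- output_table defines __len; plain next() may not see its entries` so a later reader does not "simplify" them into a check that always reports the table as empty.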