diff --git a/CHANGELOG b/CHANGELOG
index 3d3626bbc..85ee75237 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [NSE] Added the script broadcast-wake-on-lan that wakes systems from sleep
+  by sending a Wake On Lan packet. [Patrik]
+
 o [NSE] Added the script http-unsafe-output-escaping that checks if parameter
   contents are reflected in responses, aiding in discovering potential XSS
   vulnerabilities. [Martin Swende]
diff --git a/scripts/broadcast-wake-on-lan.nse b/scripts/broadcast-wake-on-lan.nse
new file mode 100644
index 000000000..7ec4ecfec
--- /dev/null
+++ b/scripts/broadcast-wake-on-lan.nse
@@ -0,0 +1,67 @@
+description = [[
+Wakes a remote system up from sleep by sending a Wake-On-Lan packet.
+]]
+
+---
+-- @usage
+-- nmap --script broadcast-wake-on-lan --script-args broadcast-wake-on-lan.MAC='00:12:34:56:78:9A'
+--
+-- @output
+-- Pre-scan script results:
+-- | broadcast-wake-on-lan:
+-- |_ Sent WOL packet to: 10:9a:dd:a8:40:24
+--
+-- @args broadcast-wake-on-lan.MAC The MAC address of the remote system to wake up
+-- @args broadcast-wake-on-lan.address The broadcast address to which the WoL packet is sent.
+--
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"broadcast", "safe"}
+
+local MAC = stdnse.get_script_args("broadcast-wake-on-lan.MAC")
+local address = stdnse.get_script_args("broadcast-wake-on-lan.address")
+
+prerule = function()
+  -- only run if we are ipv4 and have a MAC
+  return (MAC ~= nil and nmap.address_family() == "inet")
+end
+
+-- Creates the WoL packet based on the remote MAC
+-- @param mac string containing the MAC without delimiters
+-- @return packet string containing the raw packet
+local function createWOLPacket(mac)
+  local packet = bin.pack("H", "FFFFFFFFFFFF")
+  for i=1, 16 do
+    packet = packet .. 
bin.pack("H", mac)
+  end
+  return packet
+end
+
+
+action = function()
+
+  local MAC_hex
+  if ( MAC:match("%x%x:%x%x:%x%x:%x%x:%x%x:%x%x") ) then
+    MAC_hex = MAC:gsub(":", "")
+  elseif( MAC:match("%x%x%-%x%x%-%x%x%-%x%x%-%x%x%-%x%x") ) then
+    MAC_hex = MAC:gsub("-", "")
+  else
+    return "\n ERROR: Failed to process MAC address"
+  end
+
+  local host = { ip = address or "255.255.255.255" }
+  local port = { number = 9, protocol = "udp" }
+  local socket = nmap.new_socket("udp")
+
+  -- send two packets, just in case
+  for i=1,2 do
+    local packet = createWOLPacket(MAC_hex)
+    local status, err = socket:sendto(host, port, packet)
+    if ( not(status) ) then
+      return "\n ERROR: Failed to send packet"
+    end
+  end
+  return stdnse.format_output(true, ("Sent WOL packet to: %s"):format(MAC))
+end
+
\ No newline at end of file
diff --git a/scripts/script.db b/scripts/script.db
index 806621cc1..3e9d67c1d 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -28,6 +28,7 @@ Entry { filename = "broadcast-ping.nse", categories = { "broadcast", "discovery"
 Entry { filename = "broadcast-rip-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-sybase-asa-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-upnp-info.nse", categories = { "broadcast", "safe", } }
+Entry { filename = "broadcast-wake-on-lan.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-wsdd-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "citrix-brute-xml.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "citrix-enum-apps-xml.nse", categories = { "discovery", "safe", } }
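Review bot: The MAC validation at the top of `action` is unanchored, so `MAC:match("%x%x:%x%x:%x%x:%x%x:%x%x:%x%x")` accepts any argument that merely contains a colon-separated MAC (extra octets or surrounding characters included); the delimiter-stripped string is then handed to `bin.pack("H", ...)` in `createWOLPacket` and yields a malformed magic packet instead of the "Failed to process MAC address" error. Anchoring both patterns with `^` and `$` makes the check match the documented argument format. The UDP socket from `nmap.new_socket("udp")` is also never closed on either the failure or the success path, so a `socket:close()` before each return is needed to avoid leaking the handle. The packet is rebuilt on every iteration of the send loop although its content never changes, so building it once before the loop is simpler; the rewritten body below keeps every output string as it is.
```lua
action = function()

  -- anchored so that only a bare MAC in the documented format is accepted
  local MAC_hex
  if ( MAC:match("^%x%x:%x%x:%x%x:%x%x:%x%x:%x%x$") ) then
    MAC_hex = MAC:gsub(":", "")
  elseif( MAC:match("^%x%x%-%x%x%-%x%x%-%x%x%-%x%x%-%x%x$") ) then
    MAC_hex = MAC:gsub("-", "")
  else
    return "\n ERROR: Failed to process MAC address"
  end

  -- … unchanged: host, port and socket setup …

  -- the magic packet does not change between sends, build it once
  local packet = createWOLPacket(MAC_hex)

  -- send two packets, just in case
  for i=1,2 do
    local status, err = socket:sendto(host, port, packet)
    if ( not(status) ) then
      socket:close()
      return "\n ERROR: Failed to send packet"
    end
  end
  socket:close()
  return stdnse.format_output(true, ("Sent WOL packet to: %s"):format(MAC))
end
```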