o [NSE] Added the script broadcast-wake-on-lan that wakes systems from sleep

by sending a Wake On Lan packet. [Patrik]
2025-12-10 17:59:04 +00:00 · 2011-12-16 18:00:34 +00:00
parent 149ff73451
commit f749c7cd45
3 changed files with 71 additions and 0 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o [NSE] Added the script broadcast-wake-on-lan that wakes systems from sleep
+  by sending a Wake On Lan packet. [Patrik]
+
 o [NSE] Added the script http-unsafe-output-escaping that checks if parameter
  contents are reflected in responses, aiding in discovering potential XSS
  vulnerabilities. [Martin Swende]
--- a/scripts/broadcast-wake-on-lan.nse
+++ b/scripts/broadcast-wake-on-lan.nse
@@ -0,0 +1,67 @@
+description = [[
+Wakes a remote system up from sleep by sending a Wake-On-Lan packet.
+]]
+
+---
+-- @usage
+-- nmap --script broadcast-wake-on-lan --script-args broadcast-wake-on-lan.MAC='00:12:34:56:78:9A'
+--
+-- @output
+-- Pre-scan script results:
+-- | broadcast-wake-on-lan: 
+-- |_  Sent WOL packet to: 10:9a:dd:a8:40:24
+--
+-- @args broadcast-wake-on-lan.MAC The MAC address of the remote system to wake up
+-- @args broadcast-wake-on-lan.address The broadcast address to which the WoL packet is sent.
+--
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"broadcast", "safe"}
+
+local MAC = stdnse.get_script_args("broadcast-wake-on-lan.MAC")
+local address = stdnse.get_script_args("broadcast-wake-on-lan.address")
+
+prerule = function()
+	-- only run if we are ipv4 and have a MAC
+	return (MAC ~= nil and nmap.address_family() == "inet")
+end
+
+-- Creates the WoL packet based on the remote MAC
+-- @param mac string containing the MAC without delimiters
+-- @return packet string containing the raw packet
+local function createWOLPacket(mac)
+	local packet = bin.pack("H", "FFFFFFFFFFFF")
+	for i=1, 16 do
+		packet = packet .. bin.pack("H", mac)
+	end
+	return packet
+end
+
+
+action = function()
+
+	local MAC_hex
+	if ( MAC:match("%x%x:%x%x:%x%x:%x%x:%x%x:%x%x") ) then
+		MAC_hex = MAC:gsub(":", "")
+	elseif( MAC:match("%x%x%-%x%x%-%x%x%-%x%x%-%x%x%-%x%x") ) then
+		MAC_hex = MAC:gsub("-", "")
+	else
+		return "\n  ERROR: Failed to process MAC address"
+	end
+	
+	local host = { ip = address or "255.255.255.255" }
+	local port = { number = 9, protocol = "udp" }
+	local socket = nmap.new_socket("udp")
+
+	-- send two packets, just in case
+	for i=1,2 do
+		local packet = createWOLPacket(MAC_hex)
+		local status, err = socket:sendto(host, port, packet)
+		if ( not(status) ) then
+			return "\n  ERROR: Failed to send packet"
+		end
+	end
+	return stdnse.format_output(true, ("Sent WOL packet to: %s"):format(MAC))
+end
+	
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -28,6 +28,7 @@ Entry { filename = "broadcast-ping.nse", categories = { "broadcast", "discovery"
 Entry { filename = "broadcast-rip-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-sybase-asa-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-upnp-info.nse", categories = { "broadcast", "safe", } }
+Entry { filename = "broadcast-wake-on-lan.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-wsdd-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "citrix-brute-xml.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "citrix-enum-apps-xml.nse", categories = { "discovery", "safe", } }