diff --git a/CHANGELOG b/CHANGELOG
index 5f20fcaab..ed39230b6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [NSE] Added the script broadcast-networker-discover that discoverer EMC
+ Networker servers on the LAN. [Patrik]
+
 o [NSE] Added RPC Call CALLIT to the RPC library and modified UDP sockets to be
 unconnected in order to support broadcast. [Patrik]
diff --git a/scripts/broadcast-networker-discover.nse b/scripts/broadcast-networker-discover.nse
new file mode 100644
index 000000000..bc9009172
--- /dev/null
+++ b/scripts/broadcast-networker-discover.nse
@@ -0,0 +1,91 @@
+description = [[
+Discovers the server for EMC Networker backup software on the LAN by
+using network broadcasts.
+]]
+
+---
+-- @usage nmap --script broadcast-networker-discover
+--
+-- @output
+-- Pre-scan script results:
+-- | broadcast-networker-discover:
+-- |_ 10.20.30.40
+--
+--
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"broadcast", "safe"}
+
+require 'rpc'
+
+prerule = function() return true end
+
+local function Callit( host, port, program, protocol )
+
+ local results = {}
+ local portmap, comm = rpc.Portmap:new(), rpc.Comm:new('rpcbind', 2)
+
+ local status, result = comm:Connect(host, port)
+ if (not(status)) then
+ return false, result
+ end
+
+ comm.socket:set_timeout(10000)
+ status, result = portmap:Callit(comm, program, protocol, 2 )
+ if ( not(status) ) then
+ return false, result
+ end
+
+ while ( status ) do
+ local _, rhost
+ status, _, _, rhost, _ = comm:GetSocketInfo()
+ if (not(status)) then
+ return false, "Failed to get socket information"
+ end
+
+ if ( status ) then
+ table.insert(results, rhost)
+ end
+
+ status, result = comm:ReceivePacket()
+ end
+
+ comm:Disconnect()
+ return true, results
+end
+
+local function fail(err) return ("\n ERROR: %s"):format(err or "") end
+
+action = function()
+
+ local results = {}
+ local ip = ( nmap.address_family() == "inet" ) and "255.255.255.255" or "ff02::202"
+ local iface = nmap.get_interface()
+
+ -- handle problematic sends on OS X requiring the interface to be
+ -- supplied as part of IPv6
+ if ( iface and nmap.address_family() == "inet6" ) then
+ ip = ip .. "%" .. 
iface
+ end
+
+ for _, port in ipairs({7938,111}) do
+ local host, port = { ip = ip }, { number = port, protocol = "udp" }
+ local status
+ status, results = Callit( host, port, "nsrstat", "udp" )
+
+ -- warn about problematic sends on OS X requiring the interface to be
+ -- supplied as part of IPv6
+ if ( not(status) and results == "Portmap.Callit: Failed to send data" ) then
+ return fail("Failed sending data, try supplying the correct interface using -e")
+ end
+
+ if ( status ) then
+ break
+ end
+ end
+
+ if ( "table" == type(results) and 0 < #results ) then
+ return stdnse.format_output(true, results)
+ end
+end
\ No newline at end of file
diff --git a/scripts/script.db b/scripts/script.db
index 31abfe828..15d73be97 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -25,6 +25,7 @@ Entry { filename = "broadcast-dropbox-listener.nse", categories = { "broadcast",
 Entry { filename = "broadcast-listener.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-ms-sql-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-netbios-master-browser.nse", categories = { "broadcast", "safe", } }
+Entry { filename = "broadcast-networker-discover.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-novell-locate.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-pc-anywhere.nse", categories = { "broadcast", "safe", } }
 Entry { filename = "broadcast-pc-duo.nse", categories = { "broadcast", "safe", } }
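Review bot: The error returns inside Callit leave the socket opened by `comm:Connect` unclosed — the `return false, result` after `portmap:Callit` and the `return false, "Failed to get socket information"` inside the while loop both skip `comm:Disconnect()`, which only runs on the normal path just before `return true, results`; adding `comm:Disconnect()` in front of each of those returns keeps the error path consistent with the success path. Every packet that `comm:ReceivePacket()` accepts then adds `rhost` to results without the address being deduplicated, so a host that answers more than once is listed repeatedly (what ReceivePacket returns beyond status is not visible here, so whether the payload could be checked is inferred); a `seen[rhost]` guard before `table.insert(results, rhost)` would fix the duplicates, and the `if ( status ) then` that follows the `not(status)` return in the same loop body is always true and can be dropped. In action, `local host, port = { ip = ip }, { number = port, protocol = "udp" }` shadows the loop variable `port` with a table of the same name, which works but reads confusingly; renaming the loop variable (e.g. `portno`) would make the intent clear.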