mirror of
https://github.com/nmap/nmap.git
synced 2025-12-15 20:29:03 +00:00
6fbc8868a9
make them look better in output. The full list of changes is anonFTP => ftp-anon ASN => asn-query brutePOP3 => pop3-brute bruteTelnet => telnet-brute daytimeTest => daytime dns-safe-recursion-port => dns-random-srcport dns-safe-recursion-txid => dns-random-txid dns-test-open-recursion => dns-recursion ftpbounce => ftp-bounce HTTPAuth => http-auth HTTP_open_proxy => http-open-proxy HTTPpasswd => http-passwd HTTPtrace => http-trace iax2Detect => iax2-version ircServerInfo => irc-info ircZombieTest => irc-zombie MSSQLm => ms-sql-info MySQLinfo => mysql-info popcapa => pop3-capabilities PPTPversion => pptp-version promiscuous => sniffer-detect RealVNC_auth_bypass => realvnc-auth-bypass robots => robots.txt showHTMLTitle => html-title showOwner => identd-owners skype_v2-version => skypev2-version smb-enumdomains => smb-enum-domains smb-enumsessions => smb-enum-sessions smb-enumshares => smb-enum-shares smb-enumusers => smb-enum-users smb-serverstats => smb-server-stats smb-systeminfo => smb-system-info SMTPcommands => smtp-commands SMTP_openrelay_test => smtp-open-relay SNMPcommunitybrute => snmp-brute SNMPsysdescr => snmp-sysdescr SQLInject => sql-injection SSH-hostkey => ssh-hostkey SSHv1-support => sshv1 SSLv2-support => sslv2 strangeSMTPport => smtp-strangeport UPnP-info => upnp-info xamppDefaultPass => xampp-default-auth zoneTrans => zone-transfer
47 lines
1.2 KiB
Lua
47 lines
1.2 KiB
Lua
description = [[
|
|
Detects the UDP IAX2 service.
|
|
|
|
The script sends an IAX Control Frame POKE request and checks for a proper
|
|
response.
|
|
]]
|
|
|
|
author = "Ferdy Riphagen <f.riphagen@nsec.nl>"
|
|
|
|
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
|
|
|
|
categories = {"version"}
|
|
|
|
require "comm"
|
|
require "shortport"
|
|
|
|
portrule = shortport.portnumber(4569, "udp")
|
|
|
|
action = function(host, port)
|
|
-- see http://www.cornfed.com/iax.pdf for all options.
|
|
local poke = string.char(0x80, 0x00, 0x00, 0x00)
|
|
poke = poke .. string.char(0x00, 0x00, 0x00, 0x00)
|
|
poke = poke .. string.char(0x00, 0x00, 0x06, 0x1e)
|
|
|
|
local status, recv = comm.exchange(host, port, poke, {proto=port.protocol,timeout=10000})
|
|
|
|
if not status then
|
|
return
|
|
end
|
|
|
|
if (string.len(recv)) == 12 then
|
|
local byte11 = string.format("%02X", string.byte(recv, 11))
|
|
local byte12 = string.format("%02X", string.byte(recv, 12))
|
|
|
|
-- byte11 must be \x06 IAX Control Frame
|
|
-- and byte12 must be \x03 or \x04
|
|
if ((byte11 == "06") and
|
|
(byte12 == ("03" or "04")))
|
|
then
|
|
nmap.set_port_state(host, port, "open")
|
|
port.version.name = "iax2"
|
|
nmap.set_port_version(host, port, "hardmatched")
|
|
end
|
|
|
|
end
|
|
end
|