http://seclists.org/nmap-dev/2012/q2/54 This patch is from Daniel Miller. He writes: I've just finished enhancing the nfs-ls, nfs-statfs, and nfs-showmount scripts so that they can run based on version detection information, for cases where the portmapper is firewalled. For nfs-ls and nfs-statfs, this required making a hostrule to check that both a mountd service and a nfs service were detected. In the process, I ended up adding the AUTH_UNIX flavor to rpc.lua, since the RFC states that AUTH_NULL can only be used for the NULL procedure (and my Linux nfs-kernel-server was enforcing that). Other minor changes: * If running privileged, attempt to bind to a reserved port. Many NFS servers refuse to talk to source ports >1024, as a "security measure" * handle an odd case in nfs-ls where READDIRPLUS does not return file attributes. Chose to use all ?'s, but in the future maybe a direct GETATTR call? * remove reference to nfs.dirlist argument from nfs-ls doc, since it is unused
local rpc = require "rpc"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
-- Summary text for this script; NSE reads the global `description` field.
description = [[
Shows NFS exports, like the <code>showmount -e</code> command.
]]
|
|
|
|
---
|
|
-- @output
|
|
-- PORT STATE SERVICE
|
|
-- 111/tcp open rpcbind
|
|
-- | nfs-showmount:
|
|
-- | /home/storage/backup 10.46.200.0/255.255.255.0
|
|
-- |_ /home 1.2.3.4/255.255.255.255 10.46.200.0/255.255.255.0
|
|
--
|
|
|
|
-- Version 0.7
|
|
|
|
-- Created 11/23/2009 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
|
|
-- Revised 11/24/2009 - v0.2 - added RPC query to find mountd ports
|
|
-- Revised 11/24/2009 - v0.3 - added a hostrule instead of portrule
|
|
-- Revised 11/26/2009 - v0.4 - reduced packet sizes and documented them
|
|
-- Revised 01/24/2009 - v0.5 - complete rewrite, moved all NFS related code into nselib/nfs.lua
|
|
-- Revised 02/22/2009 - v0.6 - adapted to support new RPC library
|
|
-- Revised 03/13/2010 - v0.7 - converted host to port rule
|
|
|
|
|
|
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = { "discovery", "safe" }

-- Run against port 111, or against any port whose detected service name is
-- rpcbind or mountd, over either TCP or UDP.
portrule = shortport.port_or_service(
  111,
  { "rpcbind", "mountd" },
  { "tcp", "udp" }
)
|
|
|
|
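--- Ask a mountd service directly for its export list.
--
-- Called by <code>action</code> when the port's service is "mountd", so the
-- request goes straight to the given port.
-- @param host host table as passed to <code>action</code>.
-- @param port port table; <code>port.version.rpc_highver</code> is handed to
--   <code>rpc.Comm:new</code> as the version argument.
-- @return status true on success, false if connecting or the Export call failed.
-- @return the value returned by <code>Mount:Export</code> on success, otherwise
--   the error value returned by the failing call.
local function get_exports(host, port)
  local mnt = rpc.Mount:new()

  -- NOTE(review): rpc_highver is presumably filled in by RPC version
  -- detection; confirm rpc.Comm:new copes with nil when the service was
  -- matched by name only.
  -- Every variable below is declared local: the earlier bare assignments
  -- (mnt_comm, status, result, mounts) created script-level globals.
  local mnt_comm = rpc.Comm:new('mountd', port.version.rpc_highver)

  local status, result = mnt_comm:Connect(host, port)
  if not status then
    stdnse.print_debug(4, "get_exports: %s", result)
    return false, result
  end

  local mounts
  status, mounts = mnt:Export(mnt_comm)

  -- Disconnect before inspecting the result so the connection is closed on
  -- both the success and the failure path.
  mnt_comm:Disconnect()

  if not status then
    stdnse.print_debug(4, "get_exports: %s", mounts)
  end

  return status, mounts
end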
|
|
|
|
--- Script entry point: list the exports offered by the target.
--
-- A port identified as "mountd" is queried directly through
-- <code>get_exports</code>; any other matching port goes through
-- <code>rpc.Helper.ShowMounts</code>.
-- @param host host table supplied by NSE.
-- @param port port table supplied by NSE.
-- @return formatted script output, one line per export.
action = function(host, port)
  local ok, exports

  if port.service == "mountd" then
    ok, exports = get_exports(host, port)
  else
    ok, exports = rpc.Helper.ShowMounts(host, port)
  end

  -- On failure `exports` holds whatever the failing call returned in its
  -- second slot; it is passed to format_output as the failure message.
  if exports == nil or not ok then
    return stdnse.format_output(false, exports)
  end

  -- Each line is the export name followed by the array entries of the same
  -- record. Both come from the remote server and are printed as received.
  local lines = {}
  for _, export in ipairs(exports) do
    lines[#lines + 1] = export.name .. " " .. stdnse.strjoin(" ", export)
  end

  return stdnse.format_output(true, lines)
end
|