Symantec pcAnywhere Status Service Detection (UDP)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
 script_id(10006);
 script_version ("1.32");
 script_cvs_date("Date: 2019/09/25  9:17:09");

 script_name(english:"Symantec pcAnywhere Status Service Detection (UDP)");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has pcAnywhere enabled." );
 script_set_attribute(attribute:"description", value:
"The remote host is running Symantec pcAnywhere Status server, a service
used to discover pcAnywhere servers on a network." );
 script_set_attribute(attribute:"solution", value:
"Disable pcAnywhere if you do not use it, and do not allow this service to
run across the Internet." );
 script_set_attribute(attribute:"risk_factor", value:"None" );
 script_set_attribute(attribute:"plugin_publication_date", value: "1999/12/12");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:symantec:pcanywhere");
 script_end_attributes();
 
 script_summary(english:"Checks for the presence pcAnywhere Status service");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"Service detection");
 script_dependencie("find_service1.nasl");


exit(0);
}


port = 5632;
if (!get_udp_port_state(port)) exit (0);

soc = open_sock_udp(port);
if (!soc) exit(0);

send (socket:soc, data:"NQ");
buf = recv(socket:soc, length:100);

if (egrep(pattern:"^NR(.*)_+A.M.*$", string:buf))
{
 hostname = ereg_replace(pattern:"^NR([^_]+)_+A.M.*$", string:buf, replace:"\1");
 report = string(
    "\n",
    "Symantec server hostname (Netbios name): ",
    hostname, "\n"
  );

 security_note(port:port, extra:report, protocol:"udp");
}