Patrik KarlssonNMAP:BROADCAST-DNS-SERVICE-DISCOVERY.NSEbroadcast-dns-service-discovery NSE Script
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Attempts to discover hosts’ services using the DNS Service Discovery protocol. It sends a multicast DNS-SD query and collects all the responses.
The script first sends a query for _services._dns-sd._udp.local to get a list of services. It then sends a followup query for each one to try to get more information.
Script Arguments
max-newtargets, newtargets
See the documentation for the target library.
dnssd.services
See the documentation for the dnssd library.
Example Usage
nmap --script=broadcast-dns-service-discovery
Script Output
| broadcast-dns-service-discovery:
| 1.2.3.1
| _ssh._tcp.local
| _http._tcp.local
| 1.2.3.50
| 22/tcp ssh
| org.freedesktop.Avahi.cookie=2292090182
| Address=1.2.3.50
| 80/tcp http
| path=/admin
| org.freedesktop.Avahi.cookie=2292090182
| path=/
| org.freedesktop.Avahi.cookie=2292090182
| path=/pim
| org.freedesktop.Avahi.cookie=2292090182
| Address=1.2.3.50
| 1.2.3.116
| 80/tcp http
|_ Address=1.2.3.116
Requires
local dnssd = require "dnssd"
local stdnse = require "stdnse"
description=[[
Attempts to discover hosts' services using the DNS Service Discovery protocol. It sends a multicast DNS-SD query and collects all the responses.
The script first sends a query for _services._dns-sd._udp.local to get a
list of services. It then sends a followup query for each one to try to
get more information.
]]
---
-- @usage
-- nmap --script=broadcast-dns-service-discovery
--
-- @output
-- | broadcast-dns-service-discovery:
-- | 1.2.3.1
-- | _ssh._tcp.local
-- | _http._tcp.local
-- | 1.2.3.50
-- | 22/tcp ssh
-- | org.freedesktop.Avahi.cookie=2292090182
-- | Address=1.2.3.50
-- | 80/tcp http
-- | path=/admin
-- | org.freedesktop.Avahi.cookie=2292090182
-- | path=/
-- | org.freedesktop.Avahi.cookie=2292090182
-- | path=/pim
-- | org.freedesktop.Avahi.cookie=2292090182
-- | Address=1.2.3.50
-- | 1.2.3.116
-- | 80/tcp http
-- |_ Address=1.2.3.116
-- Version 0.1
-- Created 10/29/2010 - v0.1 - created by Patrik Karlsson <[email protected]>
author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"broadcast", "safe"}
prerule = function() return true end
action = function()
local helper = dnssd.Helper:new( )
helper:setMulticast(true)
local status, result = helper:queryServices()
if ( status ) then
return stdnse.format_output(true, result)
end
end
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%