
broadcast-networker-discover NSE Script

2012-02-25 16:06:30
Patrik Karlsson
nmap.org
87

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Discovers EMC Networker backup software servers on a LAN by sending a network broadcast query.

Script Arguments

mount.version, nfs.version, rpc.protocol

See the documentation for the rpc library.

Example Usage

nmap --script broadcast-networker-discover

Script Output

Pre-scan script results:
| broadcast-networker-discover:
|_  10.20.30.40

Requires


local nmap = require "nmap"
local rpc = require "rpc"
local stdnse = require "stdnse"
local table = require "table"

-- NSE script metadata: these globals are read by the Nmap scripting engine.
description = [[
Discovers EMC Networker backup software servers on a LAN by sending a network broadcast query.
]]

---
-- @usage nmap --script broadcast-networker-discover
--
-- @output
-- Pre-scan script results:
-- | broadcast-networker-discover:
-- |_  10.20.30.40
--
--

author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-- "broadcast": the probe goes to the whole local segment, not to a scan target.
-- "safe": the query is not expected to disrupt services, but every host on the
-- segment receives it and it is visible to network monitoring. Replies are
-- plain, unauthenticated UDP, so the reported addresses are candidates to
-- verify rather than a confirmed inventory.
categories = {"broadcast", "safe"}


-- Always true: the script runs once in the pre-scan phase (its output appears
-- under "Pre-scan script results") and the action takes no target host.
prerule = function() return true end

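--- Sends a portmapper CALLIT query for an RPC program and collects responders.
--
-- The query is sent through rpc.Portmap:Callit over a socket opened with
-- rpc.Comm, and every reply received before the 10 second socket timeout adds
-- the address reported by comm:GetSocketInfo() to the result list.
--
-- The replies are unauthenticated UDP: any host on the segment can answer, so
-- the returned addresses are candidates that still need to be verified.
--
-- @param host table with an <code>ip</code> field (broadcast/multicast address)
-- @param port table with <code>number</code> and <code>protocol</code> fields
-- @param program RPC program name to query for
-- @param protocol protocol name handed to rpc.Portmap:Callit
-- @return status true on success, false on failure
-- @return results list of responder addresses on success, or the error
--         message (passed through unchanged from the rpc library) on failure
local function Callit( host, port, program, protocol )

  local results, seen = {}, {}
  -- NOTE(review): the literal 2 is presumably the rpcbind / program version
  -- expected by the rpc library - confirm against rpc.lua.
  local portmap, comm = rpc.Portmap:new(), rpc.Comm:new('rpcbind', 2)

  local status, result = comm:Connect(host, port)
  if ( not(status) ) then
    return false, result
  end

  -- Replies to a broadcast trickle in; wait up to 10 seconds for each one.
  comm.socket:set_timeout(10000)
  status, result = portmap:Callit(comm, program, protocol, 2)
  if ( not(status) ) then
    -- Release the socket on the error path; the message is returned
    -- unchanged because the caller matches on its exact text.
    comm:Disconnect()
    return false, result
  end

  while ( status ) do
    local _, rhost
    status, _, _, rhost, _ = comm:GetSocketInfo()
    if ( not(status) ) then
      comm:Disconnect()
      return false, "Failed to get socket information"
    end

    -- Record each responder once, even if it answers several times.
    if ( rhost and not(seen[rhost]) ) then
      seen[rhost] = true
      table.insert(results, rhost)
    end

    -- The loop ends when no further packet arrives (receive fails/times out).
    status, result = comm:ReceivePacket()
  end

  comm:Disconnect()
  return true, results
end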

--- Pre-scan action: broadcasts an "nsrstat" CALLIT query and lists responders.
--
-- Uses the IPv4 limited broadcast address, or the ff02::202 multicast address
-- when Nmap runs with the IPv6 address family. Port 7938 is tried first and
-- port 111 second; the first port whose query succeeds supplies the results.
--
-- The listed addresses come from unauthenticated UDP replies, so treat them
-- as candidates to verify rather than as confirmed backup servers.
--
-- @return formatted list of responder addresses, a formatted error when the
--         query could not be sent, or nothing when no host answered
action = function()

  local family = nmap.address_family()
  local target = "ff02::202"
  if ( family == "inet" ) then
    target = "255.255.255.255"
  end

  -- handle problematic sends on OS X requiring the interface to be
  -- supplied as part of IPv6
  local iface = nmap.get_interface()
  if ( iface and family == "inet6" ) then
    target = target .. "%" .. iface
  end

  local responders
  for _, number in ipairs({7938,111}) do
    local ok
    ok, responders = Callit(
      { ip = target },
      { number = number, protocol = "udp" },
      "nsrstat", "udp"
    )

    if ( ok ) then
      break
    end

    -- warn about problematic sends on OS X requiring the interface to be
    -- supplied as part of IPv6
    if ( responders == "Portmap.Callit: Failed to send data" ) then
      return stdnse.format_output(false, "Failed sending data, try supplying the correct interface using -e")
    end
  end

  -- On failure `responders` holds an error string, so check the type first.
  if ( type(responders) == "table" and #responders > 0 ) then
    return stdnse.format_output(true, responders)
  end
end
