Patrik KarlssonNMAP:BROADCAST-PC-ANYWHERE.NSEbroadcast-pc-anywhere NSE Script
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Sends a special broadcast probe to discover PC-Anywhere hosts running on a LAN.
Script Arguments
broadcast-pc-anywhere.timeout
specifies the amount of seconds to sniff the network interface. (default varies according to timing. -T3 = 5s)
Example Usage
nmap --script broadcast-pc-anywhere
Script Output
Pre-scan script results:
| broadcast-pc-anywhere:
|_ 10.0.200.113 - WIN2K3SRV-1
Requires
local nmap = require "nmap"
local os = require "os"
local stdnse = require "stdnse"
local table = require "table"
description = [[
Sends a special broadcast probe to discover PC-Anywhere hosts running on a LAN.
]]
---
-- @usage
-- nmap --script broadcast-pc-anywhere
--
-- @output
-- Pre-scan script results:
-- | broadcast-pc-anywhere:
-- |_ 10.0.200.113 - WIN2K3SRV-1
--
-- @args broadcast-pc-anywhere.timeout specifies the amount of seconds to sniff
-- the network interface. (default varies according to timing. -T3 = 5s)
author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = { "broadcast", "safe" }
local TIMEOUT = stdnse.parse_timespec(stdnse.get_script_args("broadcast-pc-anywhere.timeout"))
prerule = function() return ( nmap.address_family() == "inet") end
action = function()
local host = { ip = "255.255.255.255" }
local port = { number = 5632, protocol = "udp" }
local socket = nmap.new_socket("udp")
socket:set_timeout(500)
for i=1,2 do
local status = socket:sendto(host, port, "NQ")
if ( not(status) ) then
return stdnse.format_output(false, "Failed to send broadcast request")
end
end
local timeout = TIMEOUT or ( 20 / ( nmap.timing_level() + 1 ) )
local responses = {}
local stime = os.time()
repeat
local status, data = socket:receive()
if ( status ) then
local srvname = data:match("^NR([^_]*)_*AHM_3___\0$")
if ( srvname ) then
local status, _, _, rhost, _ = socket:get_info()
if ( not(status) ) then
socket:close()
return false, "Failed to get socket information"
end
-- avoid duplicates
responses[rhost] = srvname
end
end
until( os.time() - stime > timeout )
socket:close()
local result = {}
for ip, name in pairs(responses) do
table.insert(result, ("%s - %s"):format(ip,name))
end
return stdnse.format_output(true, result)
end
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%