
cassandra-info NSE Script

2012-09-20 06:30:48
Vlatko Kosturjak
nmap.org
144

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Attempts to get basic info and server status from a Cassandra database.

For more information about Cassandra, see: <http://cassandra.apache.org/>

Script Arguments

creds.[service], creds.global

See the documentation for the creds library.

Example Usage

nmap -p 9160 <ip> --script=cassandra-info

Script Output

PORT     STATE SERVICE   REASON
9160/tcp open  cassandra syn-ack
| cassandra-info:
|   Cluster name: Test Cluster
|_  Version: 19.10.0

Requires


local creds = require "creds"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

local cassandra = stdnse.silent_require "cassandra"

-- NSE "description" field: the human-readable summary of what this script does.
description = [[
Attempts to get basic info and server status from a Cassandra database.

For more information about Cassandra, see:
http://cassandra.apache.org/
]]

---
-- @usage
-- nmap -p 9160 <ip> --script=cassandra-info
--
-- @output
-- PORT     STATE SERVICE   REASON
-- 9160/tcp open  cassandra syn-ack
-- | cassandra-info:
-- |   Cluster name: Test Cluster
-- |_  Version: 19.10.0
--
-- @xmloutput
-- <elem key="Cluster name">Test Cluster</elem>
-- <elem key="Version">19.10.0</elem>

-- version 0.1
-- Created 14/09/2012 - v0.1 - created by Vlatko Kosturjak <[email protected]>

-- NSE metadata fields read by the script engine.
author = "Vlatko Kosturjak"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-- "default" puts the script in the set run by -sC / -A; "safe" and
-- "discovery" declare it as a non-intrusive information-gathering script.
categories = {"default", "discovery", "safe"}

-- Ordering only: when cassandra-brute is also selected it runs first, so any
-- credentials it stores are visible to the creds lookup in action().
dependencies = {"cassandra-brute"}

-- Run against port 9160 or any port whose detected service is "cassandra".
portrule = shortport.port_or_service({9160}, {"cassandra"})

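--- Queries a Cassandra service for its cluster name and version.
--
-- Connects to the target port, logs in with every stored or user-supplied
-- credential for the service (if any), then asks for the cluster name and
-- the version. The port's version information is updated as a side effect.
--
-- @param host Host table supplied by the NSE engine.
-- @param port Port table supplied by the NSE engine.
-- @return An stdnse output table with "Cluster name" and "Version" (plus
--         "Using credentials" when a login was attempted), or an error
--         string when a login or a query fails.
function action(host,port)

  local socket = nmap.new_socket()
  local cassinc = 2 -- cmd/resp starts at 2

  -- set a reasonable timeout value
  socket:set_timeout(10000)
  -- cleanup handler used by try() when the connect fails
  local catch = function()
    socket:close()
  end

  local try = nmap.new_try(catch)

  try( socket:connect(host, port) )

  -- Every exit path after a successful connect goes through finish() so the
  -- socket is released on errors as well as on success.
  local function finish(ret)
    socket:close()
    return ret
  end

  local results = stdnse.output_table()

  -- ugliness to allow creds.cassandra to work, as the port is not recognized
  -- as cassandra even when service scan was run, taken from mongodb
  local saved_service = port.service
  port.service = 'cassandra'
  local c = creds.Credentials:new(creds.ALL_DATA, host, port)
  for cred in c:getCredentials(creds.State.VALID + creds.State.PARAM) do
    local status, err = cassandra.login(socket, cred.user, cred.pass)
    -- NOTE(review): the password is written in clear text into the script
    -- output, so saved scan reports contain it; handle them as sensitive.
    results["Using credentials"] = cred.user.."/"..cred.pass
    if not status then
      -- put the original service name back before bailing out
      port.service = saved_service
      return finish(err)
    end
  end
  port.service = saved_service

  local status, val = cassandra.describe_cluster_name(socket,cassinc)
  if not status then
    return finish("Error getting cluster name: " .. val)
  end
  cassinc = cassinc + 1
  -- a successful reply confirms the service, so record it on the port
  port.version.name ='cassandra'
  port.version.product='Cassandra'
  port.version.name_confidence = 10
  nmap.set_port_version(host,port)
  results["Cluster name"] = val

  status, val = cassandra.describe_version(socket,cassinc)
  if not status then
    return finish("Error getting version: " .. val)
  end
  -- refine the product string with the reported version
  port.version.product='Cassandra ('..val..')'
  nmap.set_port_version(host,port)
  results["Version"] = val

  return finish(results)
end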
