Detects the CCcam service (software for sharing subscription TV among multiple receivers).
The service normally runs on port 12000. It distinguishes itself by printing 16 random-looking bytes upon receiving a connection.
Because the script attempts to detect “random-looking” bytes, it has a small chance of failing to detect the service when the data do not seem random enough.
nmap -sV <target>
local nmap = require "nmap"
local shortport = require "shortport"
local formulas = require "formulas"
description = [[
Detects the CCcam service (software for sharing subscription TV among
multiple receivers).
The service normally runs on port 12000. It distinguishes
itself by printing 16 random-looking bytes upon receiving a
connection.
Because the script attempts to detect "random-looking" bytes, it has a small
chance of failing to detect the service when the data do not seem random
enough.]]
categories = {"version"}
author = "David Fifield"
local NUM_TRIALS = 2
local function trial(host, port)
local status, data, s
s = nmap.new_socket()
status, data = s:connect(host, port)
if not status then
return
end
status, data = s:receive_bytes(0)
if not status then
s:close()
return
end
s:close()
return data
end
portrule = shortport.version_port_or_service({10000, 10001, 12000, 12001, 16000, 16001}, "cccam")
function action(host, port)
local seen = {}
-- Try a couple of times to see that the response isn't constant. (But
-- more trials also increase the chance that we will reject a legitimate
-- cccam service.)
for i = 1, NUM_TRIALS do
local data
data = trial(host, port)
if not data or seen[data] or #data ~= 16 or not formulas.looksRandom(data) then
return
end
seen[data] = true
end
port.version.name = "cccam"
port.version.version = "CCcam DVR card sharing system"
nmap.set_port_version(host, port)
end