Lucene search

K
nmapClaudio CriscioneNMAP:DOCKER-VERSION.NSE
HistorySep 24, 2014 - 8:31 p.m.

docker-version NSE Script

2014-09-2420:31:42
Claudio Criscione
nmap.org
200

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Detects the Docker service version.

Script Arguments

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -sV <target>

Script Output

PORT     STATE SERVICE VERSION
2375/tcp open  docker  Docker 1.11.2
|   Version: 1.11.2
|   BuildTime: 2016-06-01T21:47:50.269346868+00:00
|   Arch: amd64
|   KernelVersion: 3.13.0-91-generic
|   Os: linux
|   ApiVersion: 1.23
|   GitCommit: b9f10c9
|_  GoVersion: go1.5.4

Requires


local shortport =  require "shortport"
local json = require "json"
local http = require "http"
local nmap = require "nmap"

description = [[Detects the Docker service version.]]

---
-- @output
-- PORT     STATE SERVICE VERSION
-- 2375/tcp open  docker  Docker 1.11.2
-- |   Version: 1.11.2
-- |   BuildTime: 2016-06-01T21:47:50.269346868+00:00
-- |   Arch: amd64
-- |   KernelVersion: 3.13.0-91-generic
-- |   Os: linux
-- |   ApiVersion: 1.23
-- |   GitCommit: b9f10c9
-- |_  GoVersion: go1.5.4


author = "Claudio Criscione"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"version"}

portrule = shortport.version_port_or_service({2375, 2376}, {"docker", "docker-s"}, "tcp")

action = function(host, port)

  local http_response = http.get(host, port, "/version")
  if not http_response or not http_response.status or
    http_response.status ~= 200 or not http_response.body then
    return
  end

  local ok_json, response = json.parse(http_response.body)
  if ok_json and response["Version"] and response["GitCommit"] then
    ---Detected
    port.version.name = 'docker'
    port.version.version = response["Version"]
    port.version.product = "Docker"
    nmap.set_port_version(host, port)
    return response
  end
  return
end

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Related for NMAP:DOCKER-VERSION.NSE