nmapToni RuottuNMAP:EPMD-INFO.NSE
HistoryApr 04, 2011 - 6:28 p.m.

epmd-info NSE Script

2011-04-04 18:28:33
Toni Ruottu
nmap.org
79

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Connects to Erlang Port Mapper Daemon (epmd) and retrieves a list of nodes with their respective port numbers.

Example Usage

nmap -p 4369 --script epmd-info <target>

Script Output

PORT     STATE SERVICE
4369/tcp open  epmd
| epmd-info.nse:
|   epmd_port: 4369
|   nodes:
|     rabbit: 36804
|_    ejabberd: 46540

Requires


local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"

-- One-line summary of the script; NSE reads this global as script metadata.
description = [[
Connects to Erlang Port Mapper Daemon (epmd) and retrieves a list of nodes with their respective port numbers.
]]

---
-- The script sends a single NAMESREQ without any credentials, so a populated
-- result means the node list is readable by whoever can reach the port.
--
-- @usage
-- nmap -p 4369 --script epmd-info <target>
--
-- @output
-- PORT     STATE SERVICE
-- 4369/tcp open  epmd
-- | epmd-info.nse:
-- |   epmd_port: 4369
-- |   nodes:
-- |     rabbit: 36804
-- |_    ejabberd: 46540
-- @xmloutput
-- <elem key="epmd_port">4369</elem>
-- <table key="nodes">
--   <elem key="rabbit">36804</elem>
--   <elem key="ejabberd">46540</elem>
-- </table>

author = "Toni Ruottu"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-- "default" places the script in the set selected by -sC / --script default.
categories = {"default", "discovery", "safe"}

-- Run against port 4369 or any port whose service was identified as epmd.
portrule = shortport.port_or_service (4369, "epmd")

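--- Ask epmd for its registered node names and report them.
-- Sends a NAMESREQ, reads the 4-byte big-endian port number that prefixes
-- the reply, then parses one "name <node> at port <n>" line per node.
-- The socket is closed on every exit path.
-- @param host Host table supplied by NSE.
-- @param port Port table supplied by NSE.
-- @return Output table with <code>epmd_port</code> and <code>nodes</code>,
--   or nil when no usable reply was received.
action = function(host, port)
  local socket = nmap.new_socket()
  socket:set_timeout(stdnse.get_timeout(host))
  local try = nmap.new_try(function () socket:close() end)
  try(socket:connect(host, port))

  try(socket:send("\x00\x01n")) -- NAMESREQ = 110

  local getline = stdnse.make_buffer(socket, "\n")

  local data, err = getline()
  if data == nil then
    stdnse.debug2("Error on receive: %s", err)
    socket:close()
    return nil
  end

  -- The reply is untrusted network input: string.unpack raises if fewer
  -- than 4 bytes are available, so reject a short first line explicitly.
  if #data < 4 then
    stdnse.debug2("Short reply: expected a 4-byte port header, got %d byte(s)", #data)
    socket:close()
    return nil
  end

  local realport, pos = string.unpack(">I4", data)
  data = string.sub(data, pos)

  local nodes = stdnse.output_table()
  -- node_port rather than port, so the port parameter is not shadowed.
  local name, node_port
  while data and data ~= "" do
    -- Node names are reported exactly as the remote service sent them.
    name, node_port = data:match("^name (.*) at port (%d+)")
    if name then
      nodes[name] = node_port
    end
    data = getline()
  end

  -- Release the connection on the success path as well.
  socket:close()

  local response = stdnse.output_table()
  response.epmd_port = realport
  response.nodes = nodes
  return response
end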
