Lucene search

K
nmapJohn R. BondNMAP:HADOOP-SECONDARY-NAMENODE-INFO.NSE
HistoryNov 08, 2011 - 4:00 p.m.

hadoop-secondary-namenode-info NSE Script

2011-11-0816:00:16
John R. Bond
nmap.org
79

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Retrieves information from an Apache Hadoop secondary NameNode HTTP status page.

Information gathered:

  • Date/time the service was started
  • Hadoop version
  • Hadoop compile date
  • Hostname or IP address and port of the master NameNode server
  • Last time a checkpoint was taken
  • How often checkpoints are taken (in seconds)
  • Log directory (relative to <http://host:port/>)
  • File size of current checkpoint

Script Arguments

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

max-newtargets, newtargets

See the documentation for the target library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script  hadoop-secondary-namenode-info -p 50090 host

Script Output

PORT      STATE  SERVICE REASON
50090/tcp open   unknown syn-ack
| hadoop-secondary-namenode-info:
|   Start: Wed May 11 22:33:44 PDT 2011
|   Version: 0.20.2, f415ef415ef415ef415ef415ef415ef415ef415e
|   Compiled: Wed May 11 22:33:44 PDT 2011 by bob from unknown
|   Log: /logs/
|   namenode: namenode1.example.com/192.0.1.1:8020
|   Last Checkpoint: Wed May 11 22:33:44 PDT 2011
|   Checkpoint Period: 3600 seconds
|_  Checkpoint Size: 12345678 MB

Requires


local http = require "http"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local target = require "target"

description = [[
Retrieves information from an Apache Hadoop secondary NameNode HTTP status page.

Information gathered:
* Date/time the service was started
* Hadoop version
* Hadoop compile date
* Hostname or IP address and port of the master NameNode server
* Last time a checkpoint was taken
* How often checkpoints are taken (in seconds)
* Log directory (relative to http://host:port/)
* File size of current checkpoint
]]

---
-- @usage
-- nmap --script  hadoop-secondary-namenode-info -p 50090 host
--
-- @output
-- PORT      STATE  SERVICE REASON
-- 50090/tcp open   unknown syn-ack
-- | hadoop-secondary-namenode-info:
-- |   Start: Wed May 11 22:33:44 PDT 2011
-- |   Version: 0.20.2, f415ef415ef415ef415ef415ef415ef415ef415e
-- |   Compiled: Wed May 11 22:33:44 PDT 2011 by bob from unknown
-- |   Log: /logs/
-- |   namenode: namenode1.example.com/192.0.1.1:8020
-- |   Last Checkpoint: Wed May 11 22:33:44 PDT 2011
-- |   Checkpoint Period: 3600 seconds
-- |_  Checkpoint Size: 12345678 MB
--
-- @xmloutput
-- <elem key="Start">Wed May 11 22:33:44 PDT 2011</elem>
-- <elem key="Version">0.20.2, f415ef415ef415ef415ef415ef415ef415ef415e</elem>
-- <elem key="Compiled">Wed May 11 22:33:44 PDT 2011 by bob from unknown</elem>
-- <elem key="Log">/logs/</elem>
-- <elem key="namenode">namenode1.example.com/192.0.1.1:8020</elem>
-- <elem key="Last Checkpoint">Wed May 11 22:33:44 PDT 2011</elem>
-- <elem key="Checkpoint Period">3600 seconds</elem>
-- <elem key="Checkpoint Size">12345678 MB</elem>

author = "John R. Bond"
license = "Simplified (2-clause) BSD license--See https://nmap.org/svn/docs/licenses/BSD-simplified"
categories = {"default", "discovery", "safe"}


portrule = function(host, port)
  -- Run for the special port number, or for any HTTP-like service that is
  -- not on a usual HTTP port.
  return shortport.port_or_service ({50090}, "hadoop-secondary-namenode")(host, port)
    or (shortport.service(shortport.LIKELY_HTTP_SERVICES)(host, port) and not shortport.portnumber(shortport.LIKELY_HTTP_PORTS)(host, port))
end

action = function( host, port )

  local result = stdnse.output_table()
  local uri = "/status.jsp"
  stdnse.debug1("HTTP GET %s:%s%s", host.targetname or host.ip, port.number, uri)
  local response = http.get( host, port, uri )
  stdnse.debug1("Status %s",response['status-line'] or "No Resposne")
  if response['status-line'] and response['status-line']:match("200%s+OK") and response['body']  then
    local body = response['body']:gsub("%%","%%%%")
    local stats = {}
    stdnse.debug2("Body %s\n",body)
    -- Page isn't valid html :(
    for i in string.gmatch(body,"\n[%w%s]+:%s+[^][\n]+") do
      table.insert(stats,i:match(":%s+([^][\n]+)"))
    end
    if #stats == 5 then
      stdnse.debug1("namenode %s",stats[1])
      stdnse.debug1("Start %s",stats[2])
      stdnse.debug1("Last Checkpoint %s",stats[3])
      stdnse.debug1("Checkpoint Period %s",stats[4])
      stdnse.debug1("Checkpoint Size %s",stats[5])
      result["Start"] = stats[2]
    end
    if body:match("Version:%s*</td><td>([^][\n]+)") then
      local version = body:match("Version:%s*</td><td>([^][\n]+)")
      stdnse.debug1("Version %s",version)
      result["Version"] = version
      port.version.version = version
    end
    if body:match("Compiled:%s*</td><td>([^][\n]+)") then
      local compiled = body:match("Compiled:%s*</td><td>([^][\n]+)")
      stdnse.debug1("Compiled %s",compiled)
      result["Compiled"] = compiled
    end
    if body:match("([^][\"]+)\">Logs") then
      local logs = body:match("([^][\"]+)\">Logs")
      stdnse.debug1("Logs %s",logs)
      result["Logs"] = logs
    end
    if #stats == 5 then
      result["Namenode"] = stats[1]
      result["Last Checkpoint"] = stats[3]
      result["Checkpoint Period"] = stats[4]
      result["Checkpoint"] = stats[5]
    end
    if target.ALLOW_NEW_TARGETS then
      if stats[1]:match("([^][/]+)") then
        local newtarget = stats[1]:match("([^][/]+)")
        stdnse.debug1("Added target: %s", newtarget)
        local status,err = target.add(newtarget)
      end
    end
    if #result > 0 then
      port.version.name = "hadoop-secondary-namenode"
      port.version.product = "Apache Hadoop"
      nmap.set_port_version(host, port)
      return result
    end

  end
end

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Related for NMAP:HADOOP-SECONDARY-NAMENODE-INFO.NSE