Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nmapPatrik KarlssonNMAP:HTTP-ICLOUD-FINDMYIPHONE.NSE
HistoryApr 17, 2012 - 7:35 p.m.

http-icloud-findmyiphone NSE Script

2012-04-1719:35:44
Patrik Karlsson
nmap.org
225

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

Retrieves the locations of all “Find my iPhone” enabled iOS devices by querying the MobileMe web service (authentication required).

Script Arguments

http-icloud-findmyiphone.username

the Apple Id username

http-icloud-findmyiphone.password

the Apple Id password

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -sn -Pn --script http-icloud-findmyiphone --script-args='username=<user>,password=<pass>'

Script Output

Pre-scan script results:
| http-icloud-findmyiphone:
|   name                           location        accuracy  date               type
|   Patrik Karlsson's MacBook Air  -,-             -         -                  -
|   Patrik Karlsson's iPhone       40.690,-74.045  65        04/10/12 16:56:37  Wifi
|_  Mac mini                       40.690,-74.045  65        04/10/12 16:56:36  Wifi

Requires

local mobileme = require "mobileme"
local datetime = require "datetime"
local stdnse = require "stdnse"
local tab = require "tab"

description = [[
Retrieves the locations of all "Find my iPhone" enabled iOS devices by querying
the MobileMe web service (authentication required).
]]

---
-- @usage
-- nmap -sn -Pn --script http-icloud-findmyiphone --script-args='username=<user>,password=<pass>'
--
-- @output
-- Pre-scan script results:
-- | http-icloud-findmyiphone:
-- |   name                           location        accuracy  date               type
-- |   Patrik Karlsson's MacBook Air  -,-             -         -                  -
-- |   Patrik Karlsson's iPhone       40.690,-74.045  65        04/10/12 16:56:37  Wifi
-- |_  Mac mini                       40.690,-74.045  65        04/10/12 16:56:36  Wifi
--
-- @args http-icloud-findmyiphone.username the Apple Id username
-- @args http-icloud-findmyiphone.password the Apple Id password
--

author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe", "external"}


local arg_username = stdnse.get_script_args(SCRIPT_NAME .. ".username")
local arg_password = stdnse.get_script_args(SCRIPT_NAME .. ".password")

prerule = function() return true end

-- decode basic UTF8 encoded strings
-- iOS devices are commonly named after the user eg:
--  * Patrik Karlsson's Macbook Air
--  * Patrik Karlsson's iPhone
--
-- This function decodes the single quote as a start and should really
-- be replaced with a proper UTF-8 decoder in the future
local function decodeString(str)
  return str:gsub("\226\128\153", "'")
end

local function fail(err) return stdnse.format_output(false, err) end

action = function()

  if ( not(arg_username) or not(arg_password) ) then
    return fail("No username or password was supplied")
  end

  local mobileme = mobileme.Helper:new(arg_username, arg_password)
  local status, response = mobileme:getLocation()

  if ( not(status) ) then
    stdnse.debug2("%s", response)
    return fail("Failed to retrieve location information")
  end

  local output = tab.new(4)
  tab.addrow(output, "name", "location", "accuracy", "date", "type")
  for name, info in pairs(response) do
    local loc
    if ( info.latitude and info.longitude ) then
      loc = ("%.3f,%.3f"):format(
        tonumber(info.latitude) or "-",
        tonumber(info.longitude) or "-")
    else
      loc = "-,-"
    end
    local ts
    if ( info.timestamp and 1000 < info.timestamp ) then
      ts = datetime.format_timestamp(info.timestamp//1000)
    else
      ts = "-"
    end
    tab.addrow(output, decodeString(name), loc, info.accuracy or "-", ts, info.postype or "-")
  end

  if ( 1 < #output ) then
    return stdnse.format_output(true, tab.dump(output))
  end
end

Related

nmap 199
nmap
nmap
ms-sql-empty-password NSE Script
2010-04-04 10:11:54
nat-pmp-info NSE Script
2010-09-28 19:43:06
stuxnet-detect NSE Script
2010-12-12 22:40:42

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON
Related for NMAP:HTTP-ICLOUD-FINDMYIPHONE.NSE
nmap199