Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nmapToni RuottuNMAP:OPENLOOKUP-INFO.NSE
HistoryOct 03, 2011 - 9:35 p.m.

openlookup-info NSE Script

2011-10-0321:35:30
Toni Ruottu
nmap.org
53

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

Parses and displays the banner information of an OpenLookup (network key-value store) server.

Example Usage

nmap -p 5850 --script openlookup-info <target>

Script Output

5850/tcp open  openlookup
| openlookup-info:
|   sync port: 5850
|   name: Paradise, Arizona
|   your address: 127.0.0.1:50162
|   timestamp: 2011-05-21T11:26:07
|   version: 2.7
|_  http port: 5851

Requires

local comm = require "comm"
local datetime = require "datetime"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local stringaux = require "stringaux"
local table = require "table"

description = [[
Parses and displays the banner information of an OpenLookup (network key-value store) server.
]]

---
-- @usage
-- nmap -p 5850 --script openlookup-info <target>
--
-- @output
-- 5850/tcp open  openlookup
-- | openlookup-info:
-- |   sync port: 5850
-- |   name: Paradise, Arizona
-- |   your address: 127.0.0.1:50162
-- |   timestamp: 2011-05-21T11:26:07
-- |   version: 2.7
-- |_  http port: 5851
--
-- @xmloutput
-- <elem key="sync port">5850</elem>
-- <elem key="name">Paradise, Arizona</elem>
-- <elem key="your address">127.0.0.1:50162</elem>
-- <elem key="timestamp">2011-05-21T11:26:07</elem>
-- <elem key="version">2.7</elem>
-- <elem key="http port">5851</elem>

author = "Toni Ruottu"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe", "version"}


portrule = shortport.version_port_or_service(5850, "openlookup")

-- Netstring helpers
-- http://cr.yp.to/proto/netstrings.txt

-- parses a Netstring element
local function parsechunk(data)
  local parts = stringaux.strsplit(":", data)
  if #parts < 2 then
    return nil, data
  end
  local head = table.remove(parts, 1)
  local size = tonumber(head)
  if not size then
    return nil, data
  end
  local body = table.concat(parts, ":")
  if #body < size then
    return nil, data
  end
  local chunk = string.sub(body, 1, size)
  local skip = #chunk + string.len(",")
  local rest = string.sub(body, skip + 1)
  return chunk, rest
end

-- NSON helpers
-- http://code.google.com/p/messkit/source/browse/trunk/messkit/nson.py

-- parses an NSON int
local function parseint(data)
  if string.sub(data, 1, 1) ~= "i" then
    return
  end
  local text = string.sub(data, 2)
  local number = tonumber(text)
  return number
end

-- parses an NSON float
local function parsefloat(data)
  if string.sub(data, 1, 1) ~= "f" then
    return
  end
  local text = string.sub(data, 2)
  local number = tonumber(text)
  return number
end

-- parses an NSON string
local function parsestring(data)
  if string.sub(data, 1, 1) ~= "s" then
    return
  end
  return string.sub(data, 2)
end

-- parses an NSON int, float, or string
local function parsesimple(data)
  local i = parseint(data)
  local f = parsefloat(data)
  local s = parsestring(data)
  return i or f or s
end

-- parses an NSON dictionary
local function parsedict(data)
  if #data < 1 then
    return
  end
  if string.sub(data, 1, 1) ~= "d" then
    return
  end
  local rest = string.sub(data, 2)
  local dict = {}
  while #rest > 0 do
    local chunk, key, value
    chunk, rest = parsechunk(rest)
    if not chunk then
      return
    end
    key = parsestring(chunk)
    value, rest = parsechunk(rest)
    if not value then
      return
    end
    dict[key] = value
  end
  return dict
end

-- parses an NSON array
local function parsearray(data)
  if #data < 1 then
    return
  end
  if string.sub(data, 1, 1) ~= "a" then
    return
  end
  local rest = string.sub(data, 2)
  local array = {}
  while #rest > 0 do
    local value
    value, rest = parsechunk(rest)
    if not value then
      return
    end
    table.insert(array, value)
  end
  return array
end

-- OpenLookup specific stuff

local function formataddress(data)
  local parts = parsearray(data)
  if not parts then
    return
  end
  if #parts < 2 then
    return
  end
  local ip = parsestring(parts[1])
  if not ip then
    return
  end
  local port = parseint(parts[2])
  if not port then
    return
  end
  return ip .. ":" .. port
end

local function formattime(data)
  local time = parsefloat(data)
  if not time then
    return
  end
  return datetime.format_timestamp(time)
end

local function formatvalue(key, nson)
  local value
  if key == "your_address" then
    value = formataddress(nson)
  elseif key == "timestamp" then
    value = formattime(nson)
  else
    value = parsesimple(nson)
  end
  if not value then
    value = "<" .. #nson .. "B of data>"
  end
  return value
end

function formatoptions(header)
  local msg = parsedict(header)
  if not msg then
    return
  end
  local rawmeth = msg["method"]
  if not rawmeth then
    stdnse.debug2("header missing method field")
    return
  end
  local method = parsestring(rawmeth)
  if not method then
    return
  end
  if method ~= "hello" then
    stdnse.debug1("expecting hello, got " .. method .. " instead")
    return
  end
  local rawopts = msg["options"]
  if not rawopts then
    return {}
  end
  return parsedict(rawopts)
end

action = function(host, port)
  local status, banner = comm.get_banner(host, port)
  if not status then
    return
  end
  local header, _ = parsechunk(banner)
  if not header then
    return
  end
  local options = formatoptions(header)
  if not options then
    return
  end
  port.version.name = "openlookup"
  local version = options["version"]
  if version then
    port.version.version = version
  end
  nmap.set_port_version(host, port)
  if #options < 1 then
    return
  end
  return options
end

Related

nmap 200
nmap
nmap
rusers NSE Script
2016-03-14 16:03:47
daytime NSE Script
2008-11-06 02:52:59
nessus-brute NSE Script
2011-10-26 21:45:33

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON
Related for NMAP:OPENLOOKUP-INFO.NSE
nmap200