nmapPatrik KarlssonNMAP:RIAK-HTTP-INFO.NSE
HistoryJan 02, 2012 - 11:37 a.m.

riak-http-info NSE Script

2012-01-02 11:37:38
Patrik Karlsson
nmap.org
62

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Retrieves information (such as node name and architecture) from a Basho Riak distributed database using the HTTP protocol.

Script Arguments

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 8098 <ip> --script riak-http-info

Script Output

PORT     STATE SERVICE
8098/tcp open  http
| riak-http-info:
|   Node name                  <node>@<host>
|   Architecture               x86_64-unknown-linux-gnu
|   Storage backend            riak_kv_bitcask_backend
|   Total Memory               516550656
|   Crypto version             2.0.3
|   Skerl version              1.1.0
|   OS mon. version            2.2.6
|   Basho version              1.0.1
|   Lager version              0.9.4
|   Cluster info version       1.2.0
|   Luke version               0.2.4
|   SASL version               2.1.9.4
|   System driver version      1.5
|   Bitcask version            1.3.0
|   Riak search version        1.0.2
|   Riak kernel version        2.14.4
|   Riak stdlib version        1.17.4
|   Basho metrics version      1.0.0
|   WebMachine version         1.9.0
|   Public key version         0.12
|   Riak vore version          1.0.2
|   Riak pipe version          1.0.2
|   Runtime tools version      1.8.5
|   SSL version                4.1.5
|   MochiWeb version           1.5.1
|   Erlang JavaScript version  1.0.0
|   Riak kv version            1.0.2
|   Luwak version              1.1.2
|   Merge index version        1.0.1
|   Inets version              5.6
|_  Riak sysmon version        1.0.0

Requires


local http = require "http"
local json = require "json"
local shortport = require "shortport"
local stdnse = require "stdnse"
local tab = require "tab"

-- Script description text.
-- Everything reported comes from one HTTP GET of /stats that the action
-- function sends without credentials. A node that answers it therefore
-- discloses its node name, architecture and component versions to any client
-- that can reach the port, so access to Riak's HTTP interface should be
-- limited to trusted networks.
description = [[
Retrieves information (such as node name and architecture) from a Basho Riak distributed database using the HTTP protocol.
]]

---
-- @usage
-- nmap -p 8098 <ip> --script riak-http-info
--
-- @output
-- PORT     STATE SERVICE
-- 8098/tcp open  http
-- | riak-http-info:
-- |   Node name                  <node>@<host>
-- |   Architecture               x86_64-unknown-linux-gnu
-- |   Storage backend            riak_kv_bitcask_backend
-- |   Total Memory               516550656
-- |   Crypto version             2.0.3
-- |   Skerl version              1.1.0
-- |   OS mon. version            2.2.6
-- |   Basho version              1.0.1
-- |   Lager version              0.9.4
-- |   Cluster info version       1.2.0
-- |   Luke version               0.2.4
-- |   SASL version               2.1.9.4
-- |   System driver version      1.5
-- |   Bitcask version            1.3.0
-- |   Riak search version        1.0.2
-- |   Riak kernel version        2.14.4
-- |   Riak stdlib version        1.17.4
-- |   Basho metrics version      1.0.0
-- |   WebMachine version         1.9.0
-- |   Public key version         0.12
-- |   Riak vore version          1.0.2
-- |   Riak pipe version          1.0.2
-- |   Runtime tools version      1.8.5
-- |   SSL version                4.1.5
-- |   MochiWeb version           1.5.1
-- |   Erlang JavaScript version  1.0.0
-- |   Riak kv version            1.0.2
-- |   Luwak version              1.1.2
-- |   Merge index version        1.0.1
-- |   Inets version              5.6
-- |_  Riak sysmon version        1.0.0
--

author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-- "discovery" + "safe": the action function only issues HTTP requests
-- (http.get and http.identify_404) and reports what the server returns.
categories = {"discovery", "safe"}


-- Run against port 8098 or against any port whose service name is "http".
-- Because the rule also matches generic HTTP services, the action function
-- performs its own checks (status code, 404 behaviour, Server header) before
-- treating a response as Riak statistics.
portrule = shortport.port_or_service(8098, "http")

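-- Maps a key of the JSON object returned by /stats to the label printed in the
-- script output. Only keys listed here (and in `order`) are reported; anything
-- else in the response is ignored.
--
-- Each entry is a table with:
--   name  label shown in the first output column
--   func  optional hook; when present the action function calls it with the
--         raw value and prints its result instead (no entry defines one here)
--
-- The label for riak_core_version is spelled "Riak core version"; it used to
-- read "Riak vore version", which is what older sample output still shows.
local filter = {
  sys_system_architecture = { name = "Architecture" },
  mem_total               = { name = "Total Memory" },
  crypto_version          = { name = "Crypto version" },
  skerl_version           = { name = "Skerl version" },
  os_mon_version          = { name = "OS mon. version" },
  nodename                = { name = "Node name" },
  basho_stats_version     = { name = "Basho version" },
  lager_version           = { name = "Lager version" },
  cluster_info_version    = { name = "Cluster info version" },
  luke_version            = { name = "Luke version" },
  sasl_version            = { name = "SASL version" },
  sys_driver_version      = { name = "System driver version" },
  bitcask_version         = { name = "Bitcask version" },
  riak_search_version     = { name = "Riak search version" },
  kernel_version          = { name = "Riak kernel version" },
  stdlib_version          = { name = "Riak stdlib version" },
  basho_metrics_version   = { name = "Basho metrics version" },
  webmachine_version      = { name = "WebMachine version" },
  public_key_version      = { name = "Public key version" },
  riak_core_version       = { name = "Riak core version" },
  riak_pipe_version       = { name = "Riak pipe version" },
  runtime_tools_version   = { name = "Runtime tools version" },
  ssl_version             = { name = "SSL version" },
  mochiweb_version        = { name = "MochiWeb version" },
  erlang_js_version       = { name = "Erlang JavaScript version" },
  riak_kv_version         = { name = "Riak kv version" },
  luwak_version           = { name = "Luwak version" },
  merge_index_version     = { name = "Merge index version" },
  inets_version           = { name = "Inets version" },
  storage_backend         = { name = "Storage backend" },
  riak_sysmon_version     = { name = "Riak sysmon version" },
}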

-- Output order of the reported fields: the action function walks this list
-- with ipairs and prints a row for every key present in the parsed response.
-- Node identity and platform come first, component versions afterwards.
local order = {
  -- node identity and platform
  "nodename",
  "sys_system_architecture",
  "storage_backend",
  "mem_total",
  -- component versions
  "crypto_version",
  "skerl_version",
  "os_mon_version",
  "basho_stats_version",
  "lager_version",
  "cluster_info_version",
  "luke_version",
  "sasl_version",
  "sys_driver_version",
  "bitcask_version",
  "riak_search_version",
  "kernel_version",
  "stdlib_version",
  "basho_metrics_version",
  "webmachine_version",
  "public_key_version",
  "riak_core_version",
  "riak_pipe_version",
  "runtime_tools_version",
  "ssl_version",
  "mochiweb_version",
  "erlang_js_version",
  "riak_kv_version",
  "luwak_version",
  "merge_index_version",
  "inets_version",
  "riak_sysmon_version",
}


--- Wrap an error message as failed script output.
-- @param err message handed to stdnse.format_output
-- @return the result of stdnse.format_output(false, err)
local function fail(err)
  return stdnse.format_output(false, err)
end

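--- Fetch /stats from the target and report the fields listed in `order`.
--
-- The response body is data supplied by the remote server, so it is
-- type-checked after parsing: a body that is valid JSON but not an object
-- (for example a bare number or boolean) would otherwise raise an error when
-- indexed below.
--
-- @param host host table supplied by NSE
-- @param port port table supplied by NSE
-- @return formatted two-column output on success, a formatted failure message
--         when the body cannot be used, or nothing when the target does not
--         look like a Riak HTTP interface
action = function(host, port)

  local response = http.get(host, port, "/stats")

  if not response or response.status ~= 200 then
    return
  end

  -- Identify servers that answer 200 to invalid HTTP requests and exit as
  -- these would invalidate the tests
  local status_404, result_404 = http.identify_404(host, port)
  if status_404 and result_404 == 200 then
    stdnse.debug1("Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", host.ip, port.number)
    return nil
  end

  -- Silently abort if the server identifies itself as anything other than
  -- MochiWeb. A response without a Server header is still processed. The
  -- header is chosen by the server, so this is a heuristic, not proof that
  -- the target is Riak.
  local server = response.header['server']
  if server and not server:match("MochiWeb") then
    return
  end

  local status, parsed = json.parse(response.body)
  -- Reject both parse failures and well-formed JSON that is not an
  -- object/array, since the loop below indexes `parsed` by key.
  if not status or type(parsed) ~= "table" then
    return fail("Failed to parse response")
  end

  local result = tab.new(2)
  for _, item in ipairs(order) do
    local raw = parsed[item]
    if raw then
      local entry = filter[item]
      -- Optional per-field hook; falls back to the raw value when no hook is
      -- defined or when the hook returns nil/false.
      local val = ( entry.func and entry.func(raw) or raw )
      tab.addrow(result, entry.name, val)
    end
  end
  return stdnse.format_output(true, tab.dump(result))

end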

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%
