Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nmapBrandon EnrightNMAP:SKYPEV2-VERSION.NSE
HistoryNov 06, 2008 - 2:52 a.m.

skypev2-version NSE Script

2008-11-0602:52:59
Brandon Enright
nmap.org
61

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

Detects the Skype version 2 service.

Example Usage

nmap -sV <target>

Script Output

PORT   STATE SERVICE VERSION
80/tcp open  skype2  Skype

Requires

local comm = require "comm"
local nmap = require "nmap"
local shortport = require "shortport"
local string = require "string"
local U = require "lpeg-utility"

description = [[
Detects the Skype version 2 service.
]]

---
-- @output
-- PORT   STATE SERVICE VERSION
-- 80/tcp open  skype2  Skype

author = "Brandon Enright"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"version"}


portrule = function(host, port)
  return (port.number == 80 or port.number == 443 or
    port.service == nil or port.service == "" or
    port.service == "unknown")
  and port.protocol == "tcp" and port.state == "open"
  and port.version.name_confidence < 10
  and not(shortport.port_is_excluded(port.number,port.protocol))
  and nmap.version_intensity() >= 7
end

action = function(host, port)
  local result, rand
  -- Did the service engine already do the hard work?
  if port.version and port.version.service_fp then
    -- Probes sent, replies received, but no match.
    result = U.get_response(port.version.service_fp, "GetRequest")
    -- Loop through the ASCII probes most likely to receive random response
    -- from Skype. Others will also receive this response, but are harder to
    -- distinguish from an echo service.
    for _, p in ipairs({"HTTPOptions", "RTSPRequest"}) do
      rand = U.get_response(port.version.service_fp, p)
      if rand then
        break
      end
    end
  end
  local status
  if not result then
    -- Have to send the probe ourselves.
    status, result = comm.exchange(host, port,
      "GET / HTTP/1.0\r\n\r\n", {bytes=26})

    if (not status) then
      return nil
    end
  end

  if (result ~= "HTTP/1.0 404 Not Found\r\n\r\n") then
    return
  end

  -- So far so good, now see if we get random data for another request
  if not rand then
    status, rand = comm.exchange(host, port,
      "random data\r\n\r\n", {bytes=15})

    if (not status) then
      return
    end
  end

  if string.match(rand, "[^%s!-~].*[^%s!-~].*[^%s!-~]") then
    -- Detected
    port.version.name = "skype2"
    port.version.product = "Skype"
    nmap.set_port_version(host, port)
    return
  end
  return
end

Related

nmap 199
nmap
nmap
rpc-grind NSE Script
2012-08-17 18:44:35
imap-capabilities NSE Script
2009-06-08 23:21:56
freelancer-info NSE Script
2013-11-20 04:31:31

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON
Related for NMAP:SKYPEV2-VERSION.NSE
nmap199