Vulners
Lucene search
targets-sniffer NSE Script
| Reporter | Title | Published | Views | Family All 998 |
|---|---|---|---|---|
 | Exploit for Code Injection in Samba | 2 Dec 202509:55 | – | githubexploit |
| Exploit for Code Injection in Samba | 25 May 201713:20 | – | githubexploit |
| Exploit for Code Injection in Samba | 15 May 202106:52 | – | githubexploit |
| Exploit for Code Injection in Samba | 30 May 201715:08 | – | githubexploit |
| Exploit for Code Injection in Samba | 25 May 201713:20 | – | githubexploit |
| Exploit for CVE-2017-0143 | 16 May 201719:34 | – | githubexploit |
| Exploit for Code Injection in Samba | 9 May 202102:32 | – | githubexploit |
| Exploit for Code Injection in Samba | 5 Jun 201716:25 | – | githubexploit |
| Exploit for Code Injection in Samba | 26 May 201700:58 | – | githubexploit |
| Exploit for Code Injection in Samba | 1 Nov 202223:17 | – | githubexploit |
10
local ipOps = require "ipOps"
local nmap = require "nmap"
local packet = require "packet"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local target = require "target"
-- -*- mode: lua -*-:
-- vim: set filetype=lua :
description = [[
Sniffs the local network for a configurable amount of time (10 seconds
by default) and prints discovered addresses. If the
<code>newtargets</code> script argument is set, discovered addresses
are added to the scan queue.
Requires root privileges. Either the <code>targets-sniffer.iface</code> script
argument or <code>-e</code> Nmap option to define which interface to use.
]]
---
-- @usage
-- nmap -sL --script=targets-sniffer --script-args=newtargets,targets-sniffer.timeout=5s,targets-sniffer.iface=eth0
-- @args targets-sniffer.timeout The amount of time to listen for packets. Default <code>10s</code>.
-- @args targets-sniffer.iface The interface to use for sniffing.
-- @args newtargets If true, add discovered targets to the scan queue.
-- @output
-- Pre-scan script results:
-- | targets-sniffer:
-- | 192.168.0.1
-- | 192.168.0.3
-- | 192.168.0.35
-- |_192.168.0.100
-- Thanks to everyone for the feedback and especially Henri Doreau for his detailed feedback and suggestions
author = "Nick Nikolaou"
categories = {"broadcast", "discovery", "safe"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
local interface_info
local all_addresses= {}
local unique_addresses = {}
--Make sure the IP is not a broadcast or the local address
local function check_if_valid(address)
local broadcast = interface_info.broadcast
local local_address = interface_info.address
if address == local_address
or address == broadcast or address == "255.255.255.255"
or address:match('^ff') --IPv6 Multicast addrs
then
return false
else
return true end
end
-- Returns an array of address strings.
local function get_ip_addresses(layer3)
local ip = packet.Packet:new(layer3, layer3:len())
return { ipOps.str_to_ip(ip.ip_bin_src), ipOps.str_to_ip(ip.ip_bin_dst) }
end
prerule = function()
return nmap.is_privileged() and
(stdnse.get_script_args("targets-sniffer.iface") or nmap.get_interface())
end
action = function()
local sock = nmap.new_socket()
local packet_counter = 0
local ip_counter = 0
local timeout = stdnse.parse_timespec(stdnse.get_script_args("targets-sniffer.timeout"))
timeout = (timeout or 10) * 1000
local interface = stdnse.get_script_args("targets-sniffer.iface") or nmap.get_interface()
interface_info = nmap.get_interface_info(interface)
if interface_info==nil then -- Check if we have the interface information
stdnse.debug1("Error: Unable to get interface info. Did you specify the correct interface using 'targets-sniffer.iface=<interface>' or '-e <interface>'?")
return
end
if sock==nil then
stdnse.debug1("Error - unable to open socket using interface %s",interface)
return
else
sock:pcap_open(interface, 104, true, "ip or ip6")
stdnse.debug1("Will sniff for %s seconds on interface %s.", (timeout/1000),interface)
repeat
local start_time = nmap.clock_ms() -- Used for script timeout
sock:set_timeout(timeout)
local status, _, _, layer3 = sock:pcap_receive()
if status then
local addresses
packet_counter=packet_counter+1
addresses = get_ip_addresses(layer3)
stdnse.debug1("Got IP addresses %s", table.concat(addresses, " "))
for _, addr in ipairs(addresses) do
if check_if_valid(addr) == true then
if not unique_addresses[addr] then
unique_addresses[addr] = true
table.insert(all_addresses, addr)
end
end
end
end
-- Update timeout
timeout = timeout - (nmap.clock_ms() - start_time)
until timeout <= 0
sock:pcap_close()
end
if target.ALLOW_NEW_TARGETS == true then
if nmap.address_family() == 'inet6' then
for _,v in pairs(all_addresses) do
if v:match(':') then
target.add(v)
end
end
else
for _,v in pairs(all_addresses) do
if not v:match(':') then
target.add(v)
end
end
end
else
stdnse.debug1("Not adding targets to newtargets. If you want to do that use the 'newtargets' script argument.")
end
if #all_addresses>0 then
stdnse.debug1("Added %s address(es) to newtargets", #all_addresses)
end
return string.format("Sniffed %s address(es). \n", #all_addresses) .. table.concat(all_addresses, "\n")
end
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Oct 2018 01:08Current
0.4Low risk
Vulners AI Score0.4
EPSS0.94176