Monthly Archives: January 2010

nfs-showmount total re-write

I received a bug report for my Nmap nfs-showmount script a few days ago. I ended up re-writing the whole thing as it was my first script, which is short for “ugly as hell”. I moved all NFS and RPC stuff into a new library called rpc.lua and added some more functionality as well.

I’ve also added two more scripts that make use of the library nfs-get-stats and nfs-get-dirlist. The first retrieves disk usage for each export and the second lists files on a share. They’re both available from the nmap-scripts page as usual.

Nmap does more MySQL

I’ve just added some code to my Nmap MySQL library that enables query support. With this code in place it’s possible to run queries against MySQL directly from a Nmap script. In order to illustrate this I’ve added three scripts: mysql-list-users, mysql-list-databases and mysql-show-variables.

While messing around with the library I also cleaned up the code for mysql-brute and mysql-empty-password. All of the scripts that query the database obviously require credentials to do so. These can be provided on the command line using script arguments mysqluser and mysqlpassword or by running the mysql-brute or mysql-empty-password on the same time. There are dependencies set up so that the query scripts wait until these two scripts have collected the credentials. Here’s some sample output from the scripts …

Continue reading

DAAP script for nmap

I’ve added a script that queries a DAAP service for it’s library. Depending on the version of the service it then attempts to query it for for a list of artists, albums and songs. It’s available, together with more other scripts, over at the nmap-scripts page.

Here’s a sample output when running against the Firefly Media Server:

| daap-get-library:
|   BUBBA|TWO
|     Fever Ray
|       Fever Ray (Deluxe Edition)
|         Concrete Walls
|         I’m Not Done
|         Here Before
|         Now’s The Only Time I Know
|         Stranger Than Kindness
|         Dry And Dusty
|         Keep The Streets Empty For Me
|         Triangle Walks
|         If I Had A Heart
|         Seven
|         When I Grow Up
|_       Coconut

SNMP scripts for nmap

I just finished writing a bunch of Windows oriented SNMP scripts for nmap. A zip file containing all of them is available from the nmap-scripts page. The archive currently includes:

  • snmp-get-windows-processes.nse
  • snmp-get-windows-services.nse
  • snmp-get-windows-shares.nse
  • snmp-get-windows-software.nse
  • snmp-get-windows-users.nse

I have included some sample output in the full article.

Continue reading

dns work in nmap

I have been re-working my dns-service-discovery and lexmark-config scripts to make use of the nmap dns library. Why I failed to do this from the beginning is a mystery to me and others. The re-work went well and the end result allowed me to completely ditch the mdns library. In order to achieve what I needed I had to make some slight changes to the dns library which I have posted as a patch to the nmap-dev list.

While re-working the dns-service-discovery script I totally changed the output as well. It’s now less DNS:ish and more focused around the information. Here’s an example of the new format:

As the dns library is in use by other scripts I’ll wait until the changes are tested and confirmed not to break stuff before I post it here. If someone is eager to try the new scripts out the patch and scripts can be found here:

http://seclists.org/nmap-dev/2010/q1/92
http://seclists.org/nmap-dev/2010/q1/87