Tag Archives: version

nfs-showmount total re-write

I received a bug report for my Nmap nfs-showmount script a few days ago. I ended up re-writing the whole thing as it was my first script, which is short for “ugly as hell”. I moved all NFS and RPC stuff into a new library called rpc.lua and added some more functionality as well.

I’ve also added two more scripts that make use of the library: nfs-get-stats and nfs-get-dirlist. The first retrieves disk usage for each export and the second lists files on a share. They’re both available from the nmap-scripts page as usual.

Nmap does more MySQL

I’ve just added some code to my Nmap MySQL library that enables query support. With this code in place it’s possible to run queries against MySQL directly from an Nmap script. In order to illustrate this I’ve added three scripts: mysql-list-users, mysql-list-databases and mysql-show-variables.

While messing around with the library I also cleaned up the code for mysql-brute and mysql-empty-password. All of the scripts that query the database obviously require credentials to do so. These can be provided on the command line using the script arguments mysqluser and mysqlpassword, or by running mysql-brute or mysql-empty-password at the same time. There are dependencies set up so that the query scripts wait until these two scripts have collected the credentials. Here’s some sample output from the scripts …


DAAP script for nmap

I’ve added a script that queries a DAAP service for its library. Depending on the version of the service it then attempts to query it for a list of artists, albums and songs. It’s available, together with other scripts, over at the nmap-scripts page.

Here’s a sample output when running against the Firefly Media Server:

| daap-get-library:
|   BUBBA|TWO
|     Fever Ray
|       Fever Ray (Deluxe Edition)
|         Concrete Walls
|         I’m Not Done
|         Here Before
|         Now’s The Only Time I Know
|         Stranger Than Kindness
|         Dry And Dusty
|         Keep The Streets Empty For Me
|         Triangle Walks
|         If I Had A Heart
|         Seven
|         When I Grow Up
|_       Coconut

LDAP for Nmap

Just posted some code (libraries and scripts) that allows Nmap to do LDAP queries. It’s available from the nmap-scripts page. The code consists of two libraries, asn1 and ldap, that do most of the work. The LDAP library supports the SearchRequest, BindRequest and UnbindRequest operations and therefore supports both unauthenticated and authenticated searches.

The functionality is still somewhat limited and the library has the following shortcomings in my opinion:

  • At the moment it only supports simple bind
  • It lacks filter parsing support. That said, it supports filters, but they need to be supplied using tables rather than their textual representation as described in RFC 2254.
  • SSL is currently not supported mainly because I didn’t have an SSL enabled LDAP server running.
  • Some attributes returned by AD fail parsing and return a blob of hex characters.
  • There’s an annoying GUI indentation bug that needs tending to.

Despite these shortcomings I’m releasing a first version of the library and scripts. The scripts have undergone limited testing against both OpenLDAP and ActiveDirectory.
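The filter-parsing gap listed above is the step of turning an RFC 2254 filter string into a nested structure. The following Python sketch is an added example, not code from the asn1 or ldap libraries: the tuple layout it returns is an assumption made for illustration, values are returned as bytes, and extensible-match filters are not handled.

```python
import re

_ITEM = re.compile(r"([A-Za-z0-9;.\-]+)(~=|>=|<=|=)([^()]*)\)")
_ESC = re.compile(rb"\\([0-9A-Fa-f]{2})")  # \XX hex escape

def _unescape(value):
    """Turn \\XX escapes (e.g. \\2a for '*') into raw bytes."""
    if re.search(r"\\(?![0-9A-Fa-f]{2})", value):
        raise ValueError("bad escape in %r" % value)
    return _ESC.sub(lambda m: bytes([int(m.group(1), 16)]), value.encode("utf-8"))

def _item(attr, op, value):
    if "*" in value and op != "=":  # '*' is only a wildcard after '='
        raise ValueError("unescaped '*' in %r" % value)
    if value == "*":
        return ("present", attr)
    if "*" in value:
        parts = [_unescape(p) for p in value.split("*")]
        return ("substring", attr, parts[0], parts[1:-1], parts[-1])
    return (op, attr, _unescape(value))

def _parse(s, i):
    # Parse one parenthesised filter at s[i]; return (node, index after it).
    if s[i:i + 1] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    c = s[i + 1:i + 2]
    if c in ("&", "|"):
        kids, i = [], i + 2
        while s[i:i + 1] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        node = (c, kids)
    elif c == "!":
        kid, i = _parse(s, i + 2)
        node = ("!", kid)
    else:
        m = _ITEM.match(s, i + 1)  # attribute, operator, value, ')'
        if not m:
            raise ValueError("bad item at offset %d" % i)
        node, i = _item(*m.groups()), m.end() - 1
    if s[i:i + 1] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return node, i + 1

def parse_filter(text):
    """Parse an RFC 2254 filter string into nested tuples, or raise ValueError."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing data at offset %d" % pos)
    return node
```

Malformed input (unbalanced parentheses, an invalid `\XX` escape, trailing text) raises `ValueError` instead of yielding a partial filter.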

Nmap SIP version script 0.2

I received some great feedback from Ron Bowes over at SkullSecurity, pointing out some redundant code and a better approach to achieving what I was doing. I have changed the code according to his suggestions and made it available for download here.

For more details on how to use the script check the first article over here.

Nmap SIP version script

As I’ve been tinkering with VoIP for a while I decided to write a version detection script for Nmap. It’s my first stab at both Nmap scripting and the Lua programming language so don’t expect too much. The limited tests I have made show that it does a reasonable job and returns any version information present in the server response. The script can be found here.
