| Path : /usr/share/nmap/scripts/ |
|
|
| Current File : //usr/share/nmap/scripts/broadcast-xdmcp-discover.nse |
local os = require "os"
local stdnse = require "stdnse"
local table = require "table"
local xdmcp = require "xdmcp"
description = [[
Discovers servers running the X Display Manager Control Protocol (XDMCP) by
sending a XDMCP broadcast request to the LAN. Display managers allowing access
are marked using the keyword Willing in the result.
]]
---
-- @usage
-- nmap --script broadcast-xdmcp-discover
--
-- @output
-- Pre-scan script results:
-- | broadcast-xdmcp-discover:
-- |_ 192.168.2.162 - Willing
--
-- @args broadcast-xdmcp-discover.timeout socket timeout (default: 5s)
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"broadcast", "safe"}
prerule = function() return true end
local arg_timeout = stdnse.parse_timespec(stdnse.get_script_args(SCRIPT_NAME .. ".timeout"))
action = function()
local host, port = { ip = "255.255.255.255" }, { number = 177, protocol = "udp" }
local options = { timeout = 1 }
local helper = xdmcp.Helper:new(host, port, options)
local status = helper:connect()
local req = xdmcp.Packet[xdmcp.OpCode.BCAST_QUERY]:new(nil)
local status, err = helper:send(req)
if ( not(status) ) then
return false, err
end
local timeout = arg_timeout or 5
local start = os.time()
local result = {}
repeat
local status, response = helper:recv()
if ( not(status) and response ~= "TIMEOUT" ) then
break
elseif ( status ) then
local status, _, _, rhost = helper.socket:get_info()
if ( response.header.opcode == xdmcp.OpCode.WILLING ) then
result[rhost] = true
else
result[rhost] = false
end
end
until( os.time() - start > timeout )
local output = {}
for ip, res in pairs(result) do
if ( res ) then
table.insert(output, ("%s - Willing"):format(ip))
else
table.insert(output, ("%s - Unwilling"):format(ip))
end
end
return stdnse.format_output(true, output)
end
@KyuuKazami