File: db2-discover.nse

local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"

description = [[
Attempts to discover DB2 servers on the network by querying open ibm-db2 UDP ports (normally port 523).
]]

---
-- @usage
-- sudo nmap -sU -p 523 --script db2-discover <ip>
--
-- @output
-- PORT    STATE SERVICE
-- 523/udp open  ibm-db2
-- | db2-discover:
-- |   Host: EDUSRV011
-- |_  Version: IBM DB2 v9.07.0

-- Version 0.1
-- Created 08/27/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
-- Revised 10/10/2010 - v0.2 - add prerule, newtargets <patrik@cqure.net>
-- Revised 10/07/2011 - v0.3 - moved broadcast support to
--                             broadcast-db2-discover.nse <patrik@cqure.net>

-- NSE script metadata. These are deliberately globals (not `local`): the
-- script engine reads them from the script's environment.
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- "safe": the script only sends one discovery datagram and reads the reply;
-- "default": the script is selected by -sC.
categories = {"discovery", "safe", "default"}


-- Run against UDP port 523, or any UDP port whose service was identified as
-- ibm-db2. "open|filtered" is accepted because a UDP scan cannot distinguish
-- an open port from a filtered one until a reply is seen; action() marks the
-- port "open" once the server answers.
portrule = shortport.version_port_or_service(523, "ibm-db2", "udp",
  {"open", "open|filtered"})

--- Converts the prodrel server string to a version string
--
-- @param server_version string containing the product release
-- @return ver string containing the version information
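--- Converts the prodrel server string to a version string
--
-- The prodrel field has the layout "SQL" .. MM .. mm .. hotfix, e.g.
-- "SQL09010" -> "IBM DB2 v9.01.0". The value comes straight out of the
-- network reply, so it may be nil (no match) or malformed; anything that is
-- not a string starting with "SQL" yields "Unknown version" instead of
-- raising inside string.sub.
--
-- @param server_version string containing the product release (may be nil)
-- @return ver string containing the version information
local function parseVersion( server_version )
  if type(server_version) ~= "string"
    or string.sub(server_version,1,3) ~= "SQL" then
    return "Unknown version"
  end

  local major_version = string.sub(server_version,4,5)

  -- strip the leading 0 from the major version, for consistency with
  -- nmap-service-probes results
  if string.sub(major_version,1,1) == "0" then
    major_version = string.sub(major_version,2)
  end
  local minor_version = string.sub(server_version,6,7)
  local hotfix = string.sub(server_version,8)
  local ver = major_version .. "." .. minor_version .. "." .. hotfix

  return ("IBM DB2 v%s"):format(ver)
end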

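--- Sends a DB2GETADDR discovery request and reports the host name and
-- product version from the DB2RETADDR reply.
--
-- Every byte of the reply is untrusted network input: the two fields are
-- only ever handed to parseVersion() and to nmap's output formatter, and a
-- reply that does not match the expected layout produces no output rather
-- than a script error.
--
-- @param host host table
-- @param port port table
-- @return formatted output, or nil when there is nothing to report
action = function(host, port)

  -- Request payload: the DB2GETADDR command followed by the requesting
  -- client's own product release string, each NUL-terminated.
  local DB2GETADDR = "DB2GETADDR\0SQL09010\0"
  local socket = nmap.new_socket()
  local result = {}

  socket:set_timeout(5000)

  local status = socket:connect( host, port, "udp")
  if ( not(status) ) then return end

  status = socket:send( DB2GETADDR )
  if ( not(status) ) then
    socket:close()
    return
  end

  local data
  status, data = socket:receive()
  -- The socket is not needed past this point on any path.
  socket:close()
  if ( not(status) ) then return end

  -- A reply of any shape proves something is listening on this port; a UDP
  -- scan alone could only report it as open|filtered.
  nmap.set_port_state(host, port, "open")

  local version, srvname = data:match("DB2RETADDR.(SQL%d+).(.-)\0")
  if ( not version ) then
    -- Not the DB2RETADDR layout we understand; nothing to report.
    return
  end

  table.insert( result, ("Host: %s"):format(srvname) )
  table.insert( result, ("Version: %s"):format(parseVersion(version)) )

  return stdnse.format_output( true, result )
end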