File: broadcast-pc-anywhere.nse

local nmap = require "nmap"
local os = require "os"
local stdnse = require "stdnse"
local table = require "table"

description = [[
Sends a special broadcast probe to discover PC-Anywhere hosts running on a LAN.
]]

---
-- The probe is the two-byte query "NQ" sent to UDP port 5632 on the limited
-- broadcast address 255.255.255.255; every PC-Anywhere agent that answers
-- reports a host name, which is listed next to the responder's IP address.
-- The name is taken from the reply as sent by the remote host.
--
-- @usage
-- nmap --script broadcast-pc-anywhere
--
-- @output
-- Pre-scan script results:
-- | broadcast-pc-anywhere:
-- |_  10.0.200.113 - WIN2K3SRV-1
--
-- @args broadcast-pc-anywhere.timeout number of seconds to listen for replies
--       on the network interface (the default depends on the timing template;
--       -T3 = 5s).

-- NSE script metadata read by the engine; keep values as-is.
author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = { "broadcast", "safe" }

-- Listen window requested via --script-args (parsed with parse_timespec, so
-- suffixes such as "5s" are accepted); action() falls back to a timing-level
-- based default when no argument was supplied.
local TIMEOUT
do
  local timeout_arg = stdnse.get_script_args("broadcast-pc-anywhere.timeout")
  TIMEOUT = stdnse.parse_timespec(timeout_arg)
end

-- Run this pre-scan script only when Nmap operates over IPv4: the probe in
-- action() is sent to the IPv4 limited broadcast address 255.255.255.255.
prerule = function()
  local family = nmap.address_family()
  return family == "inet"
end

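--- Broadcast a PC-Anywhere discovery query and collect the agents that reply.
--
-- The two-byte query "NQ" is sent twice to UDP/5632 on 255.255.255.255, then
-- the socket is read until the sniff window expires. Each reply of the form
-- "NR<name>_...AHM_3___\0" contributes one "<ip> - <name>" line.
--
-- @return string formatted by stdnse.format_output: the sorted list of
--         responders on success, or an error message if sending the probe or
--         querying the socket failed.
action = function()

  local host = { ip = "255.255.255.255" }
  local port = { number = 5632, protocol = "udp" }

  local socket = nmap.new_socket("udp")
  -- Short per-receive timeout so the loop below re-checks the overall
  -- deadline at least twice per second.
  socket:set_timeout(500)

  -- UDP broadcasts are unreliable; send the query twice.
  for _ = 1, 2 do
    local status = socket:sendto(host, port, "NQ")
    if not status then
      -- release the socket on the error path as well
      socket:close()
      return stdnse.format_output(false, "Failed to send broadcast request")
    end
  end

  -- Sniff window in seconds: the script argument if given, otherwise scaled
  -- inversely with the timing level (-T3 -> 20 / 4 = 5s).
  local timeout = TIMEOUT or ( 20 / ( nmap.timing_level() + 1 ) )
  local responses = {}
  local stime = os.time()

  -- os.time() has one-second resolution, so the window is only approximate.
  repeat
    local status, data = socket:receive()
    if status then
      local srvname = data:match("^NR([^_]*)_*AHM_3___\0$")
      if srvname then
        -- get_info() returns status, lhost, lport, rhost, rport
        local ok, _, _, rhost = socket:get_info()
        if not ok then
          socket:close()
          return stdnse.format_output(false, "Failed to get socket information")
        end
        -- The name is untrusted network data that ends up on the console:
        -- neutralise control characters (newlines, terminal escapes) so a
        -- crafted reply cannot forge extra output lines or drive the terminal.
        srvname = srvname:gsub("%c", "?")
        -- keyed by source address, so repeated replies do not produce duplicates
        responses[rhost] = srvname
      end
    end
  until os.time() - stime > timeout
  socket:close()

  local result = {}
  for ip, name in pairs(responses) do
    result[#result + 1] = ("%s - %s"):format(ip, name)
  end
  -- pairs() order is unspecified; sort so the report is stable between runs
  table.sort(result)
  return stdnse.format_output(true, result)
end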