File: rpcinfo.nse

package info (click to toggle)
nmap 7.40-1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 50,080 kB
  • ctags: 26,777
  • sloc: ansic: 98,862; cpp: 64,063; python: 17,751; sh: 14,584; xml: 11,448; makefile: 2,635; perl: 2,585; yacc: 660; lex: 457; asm: 372; java: 45; objc: 43
file content (126 lines) | stat: -rw-r--r-- 4,382 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
local nmap = require "nmap"
local rpc = require "rpc"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"

description = [[
Connects to portmapper and fetches a list of all registered programs.  It then
prints out a table including (for each program) the RPC program number,
supported version numbers, port number and protocol, and program name.
]]

---
-- @output
-- PORT    STATE SERVICE
-- 111/tcp open  rpcbind
-- | rpcinfo:
-- |   program version   port/proto  service
-- |   100000  2,3,4        111/tcp  rpcbind
-- |   100000  2,3,4        111/udp  rpcbind
-- |   100001  2,3,4      32774/udp  rstatd
-- |   100002  2,3        32776/udp  rusersd
-- |   100002  2,3        32780/tcp  rusersd
-- |   100011  1          32777/udp  rquotad
-- |   100021  1,2,3,4     4045/tcp  nlockmgr
-- |   100021  1,2,3,4     4045/udp  nlockmgr
-- |   100024  1          32771/tcp  status
-- |   100024  1          32773/udp  status
-- |   100068  2,3,4,5    32775/udp  cmsd
-- |   100083  1          32779/tcp  ttdbserverd
-- |   100133  1          32771/tcp  nsm_addrand
-- |   100133  1          32773/udp  nsm_addrand
-- |   100229  1,2        32775/tcp  metad
-- |   100230  1          32778/tcp  metamhd
-- |   100242  1          32777/tcp  rpc.metamedd
-- |   100249  1          32780/udp  snmpXdmid
-- |   100249  1          32781/tcp  snmpXdmid
-- |   100422  1          32776/tcp  mdcommd
-- |   1073741824 1          32772/tcp  fmproduct
-- |   300598  1          32782/tcp  dmispd
-- |   300598  1          32783/udp  dmispd
-- |   805306368 1          32782/tcp  dmispd
-- |_  805306368 1          32783/udp  dmispd
--@xmloutput
--<table>
--  <table key="100003">
--    <table key="tcp">
--      <elem key="port">2049</elem>
--      <table key="version">
--        <elem>2</elem> <elem>3</elem> <elem>4</elem>
--      </table>
--    </table>
--    <table key="udp">
--      <elem key="port">2049</elem>
--      <table key="version">
--        <elem>2</elem> <elem>3</elem> <elem>4</elem>
--      </table>
--    </table>
--  </table>
--  <table key="100000">
--    <table key="tcp">
--      <elem key="port">111</elem>
--      <table key="version">
--        <elem>2</elem> <elem>3</elem> <elem>4</elem>
--      </table>
--    </table>
--    <table key="udp">
--      <elem key="port">111</elem>
--      <table key="version">
--        <elem>2</elem> <elem>3</elem> <elem>4</elem>
--      </table>
--    </table>
--  </table>
--</table>

author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "default", "safe", "version"}


-- don't match "rpcbind" because that's what version scan labels any RPC service
portrule = shortport.portnumber(111, {"tcp", "udp"} )

action = function(host, port)

  local result = {}
  local status, rpcinfo = rpc.Helper.RpcInfo( host, port )
  local xmlout = {}

  if ( not(status) ) then
    return stdnse.format_output(false, rpcinfo)
  end

  for progid, v in pairs(rpcinfo) do
    xmlout[tostring(progid)] = v
    for proto, v2 in pairs(v) do
      if proto == "tcp" or proto == "udp" then
        local nmapport = nmap.get_port_state(host, {number=v2.port, protocol=proto})
        if nmapport and (nmapport.state == "open" or nmapport.state == "open|filtered") then
          nmapport.version = nmapport.version or {}
          -- If we don't already know it, or we only know that it's "rpcbind"
          if nmapport.service == nil or nmapport.version.service_dtype == "table" or port.service == "rpcbind" then
            nmapport.version.name = rpc.Util.ProgNumberToName(progid)
            nmapport.version.extrainfo = "RPC #" .. progid
            if #v2.version > 1 then
              nmapport.version.version = ("%d-%d"):format(v2.version[1], v2.version[#v2.version])
            else
              nmapport.version.version = tostring(v2.version[1])
            end
            nmap.set_port_version(host, nmapport, "softmatched")
          end
        end
      end

      table.insert( result, ("%-7d %-10s %5d/%s  %s"):format(progid, stdnse.strjoin(",", v2.version), v2.port, proto, rpc.Util.ProgNumberToName(progid) or "") )
    end
  end

  table.sort(result)

  if (#result > 0) then
    table.insert(result, 1, "program version   port/proto  service")
  end

  return xmlout, stdnse.format_output( true, result )
end