70 lines
1.7 KiB
Lua
70 lines
1.7 KiB
Lua
local nmap = require "nmap"
|
|
local shortport = require "shortport"
|
|
local stdnse = require "stdnse"
|
|
local string = require "string"
|
|
|
|
description = [[
|
|
Connects to Erlang Port Mapper Daemon (epmd) and retrieves a list of nodes with their respective port numbers.
|
|
]]
|
|
|
|
---
|
|
-- @usage
|
|
-- nmap -p 4369 --script epmd-info <target>
|
|
--
|
|
-- @output
|
|
-- PORT STATE SERVICE
|
|
-- 4369/tcp open epmd
|
|
-- | epmd-info.nse:
|
|
-- | epmd_port: 4369
|
|
-- | nodes:
|
|
-- | rabbit: 36804
|
|
-- |_ ejabberd: 46540
|
|
-- @xmloutput
|
|
-- <elem key="epmd_port">4369</elem>
|
|
-- <table key="nodes">
|
|
-- <elem key="rabbit">36804</elem>
|
|
-- <elem key="ejabberd">46540</elem>
|
|
-- </table>
|
|
|
|
author = "Toni Ruottu"
|
|
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
|
|
categories = {"default", "discovery", "safe"}
|
|
|
|
portrule = shortport.port_or_service (4369, "epmd")
|
|
|
|
action = function(host, port)
|
|
local socket = nmap.new_socket()
|
|
socket:set_timeout(stdnse.get_timeout(host))
|
|
local try = nmap.new_try(function () socket:close() end)
|
|
try(socket:connect(host, port))
|
|
|
|
try(socket:send("\x00\x01n")) -- NAMESREQ = 110
|
|
|
|
local getline = stdnse.make_buffer(socket, "\n")
|
|
|
|
local data, err = getline()
|
|
if data == nil then
|
|
stdnse.debug2("Error on receive: %s", err)
|
|
socket:close()
|
|
return nil
|
|
end
|
|
|
|
local realport, pos = string.unpack(">I4", data)
|
|
data = string.sub(data, pos)
|
|
|
|
local nodes = stdnse.output_table()
|
|
local name, port
|
|
while data and data ~= "" do
|
|
name, port = data:match("^name (.*) at port (%d+)")
|
|
if name then
|
|
nodes[name] = port
|
|
end
|
|
data = getline()
|
|
end
|
|
|
|
local response = stdnse.output_table()
|
|
response.epmd_port = realport
|
|
response.nodes = nodes
|
|
return response
|
|
end
|