Nmap Development mailing list archives
Re: Citrix scripts
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 4 Dec 2009 00:58:52 +0100
On 4 dec 2009, at 00.48, Thomas Buchanan wrote:
Patrik Karlsson wrote:Hi all, I have re-worked and documented my Citrix scripts and made some changes and additions. The new scripts target the XML Service rather than the ICA Browser and therefore can do more. As an example the XML versions of the application enumeration script does not only fetch a list of all published applications but also the required user or group memberships needed to access them. It will also find applications published anonymously. The Citrix XML Service usually listens to ports 80, 443 or 8080. It can be identified by the following server header: "Citrix Web PN Server". It can also "share ports" with IIS by running as an ISAP filter. I am attaching a zip file with the lot and a brief explanation of each file. Feedback, suggestions and bug reports are most welcome!Patrik, I ran your scripts against a couple of test servers that I have access to, and they worked great for me, both on the ICA browser service and the XML service. My servers are configured to share port 80 with IIS, and your scripts handled that perfectly. Example output: PORT STATE SERVICE VERSION 1604/udp open icabrowser Citrix MetaFrame | citrix-enum-servers: | WIN2003 |_ WIN2003-ICA2 | citrix-enum-apps: | Adobe Reader | Internet Explorer | Microsoft Access 2003 | Microsoft Excel 2003 | Microsoft Outlook 2003 | Microsoft PowerPoint 2003 | Microsoft Publisher 2003 |_ Microsoft Word 2003 PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS webserver 6.0 | citrix-enum-servers-xml: | WIN2003 |_ WIN2003-ICA2 | citrix-enum-apps-xml: | Application: Adobe Reader; Groups: WIN2003\Users | Application: Internet Explorer; Groups: WIN2003\Users | Application: Microsoft Access 2003; Groups: WIN2003\Users | Application: Microsoft Excel 2003; Groups: WIN2003\Users | Application: Microsoft Outlook 2003; Groups: WIN2003\Users | Application: Microsoft PowerPoint 2003; Groups: WIN2003\Users | Application: Microsoft Publisher 2003; Groups: WIN2003\Users |_ Application: Microsoft Word 2003; Groups: WIN2003\Users I had one question as I reviewed the output: is there any way to determine the IP address of the detected systems in citrix-enum-servers? That would be an excellent additional source of information, but I don't know whether that's included in the server responses or not. Thanks, Thomas
Hi Thomas, It's not included in the response, but I think it might be possible to request using another function. I'll look into it and get back. Btw. running nmap in verbose mode (-v) gives you a lot more details in the result of citrix-enum-apps-xml. //Patrik -- Patrik Karlsson http://www.cqure.net _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Citrix scripts Patrik Karlsson (Dec 02)
- Re: Citrix scripts Thomas Buchanan (Dec 03)
- Re: Citrix scripts Patrik Karlsson (Dec 03)
- Re: Citrix scripts David Fifield (Dec 13)
- Re: Citrix scripts Patrik Karlsson (Dec 14)
- Re: Citrix scripts Tom Sellers (Dec 19)
- Re: Citrix scripts Patrik Karlsson (Dec 21)
- Re: Citrix scripts Thomas Buchanan (Dec 03)