Nmap Development mailing list archives
afp-serverinfo.nse script
From: Andrew Orr <andrew () andreworr ca>
Date: Wed, 10 Feb 2010 00:10:12 -0600
Hi everyone,

I wrote an nse script that queries an AFP (Apple Filing Protocol) server (TCP 548) for basic server information. Mostly to practice my lua/nse, but it may be useful for some, so here it is.
Attached is the script itself as well as a patch to nselib/afp.lua against svn revision 16706 (latest as of half an hour ago or so).
I'm somewhat new to lua and nse so if there is anything blatantly wrong with how I'm doing things please let me know. The bulk of the code is in afp.lua.patch. It is well commented, especially the hackish parts :)
Also if someone could test this out and let me know if it doesn't work on certain servers, that would be great.
@Patrik: I fixed the null byte bug and it should work on all your test machines now.
Cheers,
-Andrew

P.S. Here are some example outputs from three machines, one running OS X 10.6.1 (localhost), one running Ubuntu 9.10 and netatalk 2.0.4~beta2-5ubuntu2 (172...) and one running on iPhone OS 3.1.2 and netatalk 2.0.4 (192...)

$ ./nmap -p 548 --script=afp-serverinfo.nse localhost 192.168.1.103 172.16.201.131

Starting Nmap 5.21 ( http://nmap.org ) at 2010-02-09 23:43 CST
NSE: Script Scanning completed.
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00022s latency).
PORT    STATE SERVICE
548/tcp open  afp
| afp-serverinfo:
| | Server Flags: 0x8ffb
| | Super Client: Yes
| | UUIDs: No
| | UTF8 Server Name: Yes
| | Open Directory: Yes
| | Reconnect: Yes
| | Server Notifications: No
| | TCP/IP: No
| | Server Signature: No
| | ServerMessages: Yes
| | Password Saving Prohibited: Yes
| | Password Changing: Yes
| |_ Copy File: Yes
| Server Name: thrall
| Machine Type: MacBookPro1,1
| AFP Versions: AFP3.3, AFP3.2, AFP3.1, AFPX03
| UAMs: DHCAST128, DHX2, Recon1, Client Krb v2, No User Authent
| Server Signature: 0x0000000000100080000016CB9A545306
| Network Address 1: 192.168.1.139:548
| Network Address 2: 10.211.55.2:548
| Network Address 3: 10.37.129.2:548
| Network Address 4: 172.16.52.1:548
| Network Address 5: 172.16.201.1:548
| Network Address 6: 192.168.1.139
| Directory Name 1: afpserver/LKDC:SHA1.16D4F43CEBC3AD8C7D805EB9C667484B5A7280B0@LKDC:SHA1.16D4F43CEBC3AD8C7D805EB9C667484B5A7280B0
|_ UTF8 Server Name: thrall

Nmap scan report for 192.168.1.103
Host is up (0.062s latency).
PORT    STATE SERVICE
548/tcp open  afp
| afp-serverinfo:
| | Server Flags: 0x8359
| | Super Client: No
| | UUIDs: No
| | UTF8 Server Name: No
| | Open Directory: Yes
| | Reconnect: Yes
| | Server Notifications: No
| | TCP/IP: No
| | Server Signature: No
| | ServerMessages: No
| | Password Saving Prohibited: No
| | Password Changing: Yes
| |_ Copy File: Yes
| Server Name: localhost
| Machine Type: Netatalk
| AFP Versions: AFPVersion 1.1, AFPVersion 2.0, AFPVersion 2.1, AFP2.2, AFPX03, AFP3.1
| UAMs: DHX2, DHCAST128
| Server Signature: 0x00000000000000000000000000000001
| Network Address 1: 0.0.0.0
|_ UTF8 Server Name: localhost

Nmap scan report for 172.16.201.131
Host is up (0.0034s latency).
PORT    STATE SERVICE
548/tcp open  afp
| afp-serverinfo:
| | Server Flags: 0x8379
| | Super Client: No
| | UUIDs: No
| | UTF8 Server Name: No
| | Open Directory: Yes
| | Reconnect: Yes
| | Server Notifications: No
| | TCP/IP: No
| | Server Signature: No
| | ServerMessages: No
| | Password Saving Prohibited: No
| | Password Changing: Yes
| |_ Copy File: Yes
| Server Name: ubuntu
| Machine Type: Netatalk
| AFP Versions: AFPVersion 1.1, AFPVersion 2.0, AFPVersion 2.1, AFP2.2, AFPX03, AFP3.1
| UAMs: Cleartxt Passwrd, DHX2
| Server Signature: 0x017F0001017F0001017F0001017F0002
| Network Address 1: 172.16.201.131
| Network Address 2: ddp 65280.34:128
|_ UTF8 Server Name: ubuntu

Nmap done: 3 IP addresses (3 hosts up) scanned in 1.89 seconds
Attachment: afp.lua.patch
Attachment: afp-serverinfo.nse
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/