summaryrefslogtreecommitdiffstats
path: root/scripts/afp-serverinfo.nse
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/afp-serverinfo.nse')
-rw-r--r--scripts/afp-serverinfo.nse175
1 files changed, 175 insertions, 0 deletions
diff --git a/scripts/afp-serverinfo.nse b/scripts/afp-serverinfo.nse
new file mode 100644
index 0000000..d192e0f
--- /dev/null
+++ b/scripts/afp-serverinfo.nse
@@ -0,0 +1,175 @@
+local afp = require "afp"
+local nmap = require "nmap"
+local outlib = require "outlib"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+local table = require "table"
+
+description = [[
+Shows AFP server information. This information includes the server's
+hostname, IPv4 and IPv6 addresses, and hardware type (for example
+<code>Macmini</code> or <code>MacBookPro</code>).
+]]
+
+---
+-- @output
+-- PORT STATE SERVICE
+-- 548/tcp open afp
+-- | afp-serverinfo:
+-- | Server Flags:
+-- | Flags hex: 0x837d
+-- | Super Client: true
+-- | UUIDs: false
+-- | UTF8 Server Name: true
+-- | Open Directory: true
+-- | Reconnect: false
+-- | Server Notifications: true
+-- | TCP/IP: true
+-- | Server Signature: true
+-- | Server Messages: true
+-- | Password Saving Prohibited: true
+-- | Password Changing: false
+-- | Copy File: true
+-- | Server Name: foobardigital
+-- | Machine Type: Netatalk
+-- | AFP Versions: AFPVersion 1.1, AFPVersion 2.0, AFPVersion 2.1, AFP2.2, AFPX03, AFP3.1
+-- | UAMs: DHX2
+-- | Server Signature: bbeb480e00000000bbeb480e00000000
+-- | Network Addresses:
+-- | 192.0.2.235
+-- | foobardigital.com
+-- |_ UTF8 Server Name: foobardigital
+--
+-- @xmloutput
+-- <table key="Server Flags">
+-- <elem key="Flags hex">0x837d</elem>
+-- <elem key="Super Client">true</elem>
+-- <elem key="UUIDs">false</elem>
+-- <elem key="UTF8 Server Name">true</elem>
+-- <elem key="Open Directory">true</elem>
+-- <elem key="Reconnect">false</elem>
+-- <elem key="Server Notifications">true</elem>
+-- <elem key="TCP/IP">true</elem>
+-- <elem key="Server Signature">true</elem>
+-- <elem key="Server Messages">true</elem>
+-- <elem key="Password Saving Prohibited">true</elem>
+-- <elem key="Password Changing">false</elem>
+-- <elem key="Copy File">true</elem>
+-- </table>
+-- <elem key="Server Name">foobardigital</elem>
+-- <elem key="Machine Type">Netatalk</elem>
+-- <table key="AFP Versions">
+-- <elem>AFPVersion 1.1</elem>
+-- <elem>AFPVersion 2.0</elem>
+-- <elem>AFPVersion 2.1</elem>
+-- <elem>AFP2.2</elem>
+-- <elem>AFPX03</elem>
+-- <elem>AFP3.1</elem>
+-- </table>
+-- <table key="UAMs">
+-- <elem>DHX2</elem>
+-- </table>
+-- <elem key="Server Signature">
+-- bbeb480e00000000bbeb480e00000000</elem>
+-- <table key="Network Addresses">
+-- <elem>192.0.2.235</elem>
+-- <elem>foobardigital.com</elem>
+-- </table>
+-- <elem key="UTF8 Server Name">foobardigital</elem>
+
+-- Version 0.2
+-- Created 2010/02/09 - v0.1 - created by Andrew Orr
+-- Revised 2010/02/10 - v0.2 - added checks for optional fields
+-- Revised 2015/02/25 - v0.3 - XML structured output
+
+author = "Andrew Orr"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"default", "discovery", "safe"}
+
+
+portrule = shortport.port_or_service(548, "afp")
+
+action = function(host, port)
+
+ local socket = nmap.new_socket()
+ local status
+ local result = stdnse.output_table()
+ local temp
+
+ -- set a reasonable timeout value
+ socket:set_timeout(5000)
+
+ -- do some exception handling / cleanup
+ local catch = function()
+ socket:close()
+ end
+
+ local try = nmap.new_try(catch)
+
+ try( socket:connect(host, port) )
+
+ -- get our data
+ local afp_proto = afp.Proto:new( { socket=socket } )
+
+ local response = afp_proto:fp_get_server_info( socket )
+ response = response.result
+
+ -- all the server information is output in the order it occurs in the server
+ -- response. It might be better rearranged?
+
+ -- output the server flags nicely
+ -- Would like to just pass response.flags, but key ordering would be more
+ -- work than it's worth.
+ local flags = stdnse.output_table()
+ flags["Flags hex"] = ("0x%04x"):format(response.flags.raw)
+ flags["Super Client"] = response.flags.SuperClient
+ flags["UUIDs"] = response.flags.UUIDs
+ flags["UTF8 Server Name"] = response.flags.UTF8ServerName
+ flags["Open Directory"] = response.flags.OpenDirectory
+ flags["Reconnect"] = response.flags.Reconnect
+ flags["Server Notifications"] = response.flags.ServerNotifications
+ flags["TCP/IP"] = response.flags.TCPoverIP
+ flags["Server Signature"] = response.flags.ServerSignature
+ flags["Server Messages"] = response.flags.ServerMessages
+ flags["Password Saving Prohibited"] = response.flags.NoPasswordSaving
+ flags["Password Changing"] = response.flags.ChangeablePasswords
+ flags["Copy File"] = response.flags.CopyFile
+
+ result["Server Flags"] = flags
+
+ -- other info
+ result["Server Name"] = response.server_name
+ result["Machine Type"] = response.machine_type
+
+ -- list the supported AFP versions
+ result["AFP Versions"] = response.afp_versions
+ outlib.list_sep(result["AFP Versions"])
+
+ -- list the supported UAMs (User Authentication Modules)
+ result["UAMs"] = response.uams
+ outlib.list_sep(result["UAMs"])
+
+ -- server signature, not sure of the format here so just showing a hex string
+ if response.flags.ServerSignature then
+ result["Server Signature"] = stdnse.tohex(response.server_signature)
+ end
+
+ -- listing the network addresses one line each
+ -- the default for Mac OS X AFP server is to bind everywhere, so this will
+ -- list all network interfaces that the machine has
+ if response.network_addresses_count > 0 then
+ result["Network Addresses"] = response.network_addresses
+ end
+
+ -- similar to above
+ if response.directory_names_count > 0 then
+ result["Directory Names"] = response.directory_names
+ end
+
+ -- and finally the utf8 server name
+ if response.flags.UTF8ServerName then
+ result["UTF8 Server Name"] = response.utf8_server_name
+ end
+
+ return result
+end
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 23:22:32 +0000