summaryrefslogtreecommitdiffstats
path: root/scripts/broadcast-netbios-master-browser.nse
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--scripts/broadcast-netbios-master-browser.nse67
1 files changed, 67 insertions, 0 deletions
diff --git a/scripts/broadcast-netbios-master-browser.nse b/scripts/broadcast-netbios-master-browser.nse
new file mode 100644
index 0000000..8bf6006
--- /dev/null
+++ b/scripts/broadcast-netbios-master-browser.nse
@@ -0,0 +1,67 @@
+local netbios = require "netbios"
+local nmap = require "nmap"
+local stdnse = require "stdnse"
+local tab = require "tab"
+
+description = [[
+Attempts to discover master browsers and the domains they manage.
+]]
+
+---
+-- @usage
+-- nmap --script=broadcast-netbios-master-browser
+--
+-- @output
+-- | broadcast-netbios-master-browser:
+-- | ip server domain
+-- |_10.0.200.156 WIN2K3-EPI-1 WORKGROUP
+--
+
+-- Version 0.1
+-- Created 06/14/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"broadcast", "safe"}
+
+
+prerule = function() return true end
+
+local function isGroup(flags) return ( (flags & 0x8000) == 0x8000 ) end
+
+action = function()
+
+ -- NBNS only works over ipv4
+ if ( nmap.address_family() == "inet6") then return end
+
+ local MASTER_BROWSER_DOMAIN = 0x1D
+ local STD_WORKSTATION_SERVICE = 0x00
+ local NBNAME = "\1\2__MSBROWSE__\2\1"
+ local BROADCAST_ADDR = "255.255.255.255"
+
+ local status, result = netbios.nbquery( { ip = BROADCAST_ADDR }, NBNAME, { multiple = true })
+ if ( not(status) ) then return end
+
+ local outtab = tab.new(3)
+ tab.addrow(outtab, 'ip', 'server', 'domain')
+
+ for _, v in ipairs(result) do
+ local status, names, _ = netbios.do_nbstat(v.peer)
+ local srv_name, domain_name
+ if (status) then
+ for _, item in ipairs(names) do
+ if ( item.suffix == MASTER_BROWSER_DOMAIN and not(isGroup(item.flags)) ) then
+ domain_name = item.name
+ elseif ( item.suffix == STD_WORKSTATION_SERVICE and not(isGroup(item.flags)) ) then
+ srv_name = item.name
+ end
+ end
+ if ( srv_name and domain_name ) then
+ tab.addrow(outtab, v.peer, srv_name, domain_name)
+ else
+ stdnse.debug3("No server name or domain name was found")
+ end
+ end
+ end
+ return "\n" .. tab.dump(outtab)
+end
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-09 19:35:50 +0000