diff options
Diffstat (limited to '')
-rw-r--r-- | scripts/broadcast-pc-anywhere.nse | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/scripts/broadcast-pc-anywhere.nse b/scripts/broadcast-pc-anywhere.nse new file mode 100644 index 0000000..6e61460 --- /dev/null +++ b/scripts/broadcast-pc-anywhere.nse @@ -0,0 +1,72 @@ +local nmap = require "nmap" +local os = require "os" +local stdnse = require "stdnse" +local table = require "table" + +description = [[ +Sends a special broadcast probe to discover PC-Anywhere hosts running on a LAN. +]] + +--- +-- @usage +-- nmap --script broadcast-pc-anywhere +-- +-- @output +-- Pre-scan script results: +-- | broadcast-pc-anywhere: +-- |_ 10.0.200.113 - WIN2K3SRV-1 +-- +-- @args broadcast-pc-anywhere.timeout specifies the amount of seconds to sniff +-- the network interface. (default varies according to timing. -T3 = 5s) + +author = "Patrik Karlsson" +license = "Same as Nmap--See https://nmap.org/book/man-legal.html" +categories = { "broadcast", "safe" } + +local TIMEOUT = stdnse.parse_timespec(stdnse.get_script_args("broadcast-pc-anywhere.timeout")) + +prerule = function() return ( nmap.address_family() == "inet") end + +action = function() + + + local host = { ip = "255.255.255.255" } + local port = { number = 5632, protocol = "udp" } + + local socket = nmap.new_socket("udp") + socket:set_timeout(500) + + for i=1,2 do + local status = socket:sendto(host, port, "NQ") + if ( not(status) ) then + return stdnse.format_output(false, "Failed to send broadcast request") + end + end + + local timeout = TIMEOUT or ( 20 / ( nmap.timing_level() + 1 ) ) + local responses = {} + local stime = os.time() + + repeat + local status, data = socket:receive() + if ( status ) then + local srvname = data:match("^NR([^_]*)_*AHM_3___\0$") + if ( srvname ) then + local status, _, _, rhost, _ = socket:get_info() + if ( not(status) ) then + socket:close() + return false, "Failed to get socket information" + end + -- avoid duplicates + responses[rhost] = srvname + end + end + until( os.time() - stime > timeout ) + socket:close() + + local result = {} + for ip, name in pairs(responses) do + table.insert(result, ("%s - %s"):format(ip,name)) + end + return stdnse.format_output(true, result) +end |