summaryrefslogtreecommitdiffstats
path: root/scripts/broadcast-pc-anywhere.nse
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/broadcast-pc-anywhere.nse')
-rw-r--r--scripts/broadcast-pc-anywhere.nse72
1 files changed, 72 insertions, 0 deletions
diff --git a/scripts/broadcast-pc-anywhere.nse b/scripts/broadcast-pc-anywhere.nse
new file mode 100644
index 0000000..6e61460
--- /dev/null
+++ b/scripts/broadcast-pc-anywhere.nse
@@ -0,0 +1,72 @@
+local nmap = require "nmap"
+local os = require "os"
+local stdnse = require "stdnse"
+local table = require "table"
+
+description = [[
+Sends a special broadcast probe to discover PC-Anywhere hosts running on a LAN.
+]]
+
+---
+-- @usage
+-- nmap --script broadcast-pc-anywhere
+--
+-- @output
+-- Pre-scan script results:
+-- | broadcast-pc-anywhere:
+-- |_ 10.0.200.113 - WIN2K3SRV-1
+--
+-- @args broadcast-pc-anywhere.timeout specifies the amount of seconds to sniff
+-- the network interface. (default varies according to timing. -T3 = 5s)
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = { "broadcast", "safe" }
+
+local TIMEOUT = stdnse.parse_timespec(stdnse.get_script_args("broadcast-pc-anywhere.timeout"))
+
+prerule = function() return ( nmap.address_family() == "inet") end
+
+action = function()
+
+
+ local host = { ip = "255.255.255.255" }
+ local port = { number = 5632, protocol = "udp" }
+
+ local socket = nmap.new_socket("udp")
+ socket:set_timeout(500)
+
+ for i=1,2 do
+ local status = socket:sendto(host, port, "NQ")
+ if ( not(status) ) then
+ return stdnse.format_output(false, "Failed to send broadcast request")
+ end
+ end
+
+ local timeout = TIMEOUT or ( 20 / ( nmap.timing_level() + 1 ) )
+ local responses = {}
+ local stime = os.time()
+
+ repeat
+ local status, data = socket:receive()
+ if ( status ) then
+ local srvname = data:match("^NR([^_]*)_*AHM_3___\0$")
+ if ( srvname ) then
+ local status, _, _, rhost, _ = socket:get_info()
+ if ( not(status) ) then
+ socket:close()
+ return false, "Failed to get socket information"
+ end
+ -- avoid duplicates
+ responses[rhost] = srvname
+ end
+ end
+ until( os.time() - stime > timeout )
+ socket:close()
+
+ local result = {}
+ for ip, name in pairs(responses) do
+ table.insert(result, ("%s - %s"):format(ip,name))
+ end
+ return stdnse.format_output(true, result)
+end
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-12 11:38:03 +0000