summaryrefslogtreecommitdiffstats
path: root/scripts/cccam-version.nse
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/cccam-version.nse')
-rw-r--r--scripts/cccam-version.nse63
1 files changed, 63 insertions, 0 deletions
diff --git a/scripts/cccam-version.nse b/scripts/cccam-version.nse
new file mode 100644
index 0000000..a7cdaf7
--- /dev/null
+++ b/scripts/cccam-version.nse
@@ -0,0 +1,63 @@
+local nmap = require "nmap"
+local shortport = require "shortport"
+local formulas = require "formulas"
+
+description = [[
+Detects the CCcam service (software for sharing subscription TV among
+multiple receivers).
+
+The service normally runs on port 12000. It distinguishes
+itself by printing 16 random-looking bytes upon receiving a
+connection.
+
+Because the script attempts to detect "random-looking" bytes, it has a small
+chance of failing to detect the service when the data do not seem random
+enough.]]
+
+categories = {"version"}
+
+author = "David Fifield"
+
+local NUM_TRIALS = 2
+
+local function trial(host, port)
+ local status, data, s
+
+ s = nmap.new_socket()
+ status, data = s:connect(host, port)
+ if not status then
+ return
+ end
+
+ status, data = s:receive_bytes(0)
+ if not status then
+ s:close()
+ return
+ end
+ s:close()
+
+ return data
+end
+
+portrule = shortport.version_port_or_service({10000, 10001, 12000, 12001, 16000, 16001}, "cccam")
+
+function action(host, port)
+ local seen = {}
+
+ -- Try a couple of times to see that the response isn't constant. (But
+ -- more trials also increase the chance that we will reject a legitimate
+ -- cccam service.)
+ for i = 1, NUM_TRIALS do
+ local data
+
+ data = trial(host, port)
+ if not data or seen[data] or #data ~= 16 or not formulas.looksRandom(data) then
+ return
+ end
+ seen[data] = true
+ end
+
+ port.version.name = "cccam"
+ port.version.version = "CCcam DVR card sharing system"
+ nmap.set_port_version(host, port)
+end