diff options
Diffstat (limited to 'scripts/cccam-version.nse')
-rw-r--r-- | scripts/cccam-version.nse | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/scripts/cccam-version.nse b/scripts/cccam-version.nse new file mode 100644 index 0000000..a7cdaf7 --- /dev/null +++ b/scripts/cccam-version.nse @@ -0,0 +1,63 @@ +local nmap = require "nmap" +local shortport = require "shortport" +local formulas = require "formulas" + +description = [[ +Detects the CCcam service (software for sharing subscription TV among +multiple receivers). + +The service normally runs on port 12000. It distinguishes +itself by printing 16 random-looking bytes upon receiving a +connection. + +Because the script attempts to detect "random-looking" bytes, it has a small +chance of failing to detect the service when the data do not seem random +enough.]] + +categories = {"version"} + +author = "David Fifield" + +local NUM_TRIALS = 2 + +local function trial(host, port) + local status, data, s + + s = nmap.new_socket() + status, data = s:connect(host, port) + if not status then + return + end + + status, data = s:receive_bytes(0) + if not status then + s:close() + return + end + s:close() + + return data +end + +portrule = shortport.version_port_or_service({10000, 10001, 12000, 12001, 16000, 16001}, "cccam") + +function action(host, port) + local seen = {} + + -- Try a couple of times to see that the response isn't constant. (But + -- more trials also increase the chance that we will reject a legitimate + -- cccam service.) + for i = 1, NUM_TRIALS do + local data + + data = trial(host, port) + if not data or seen[data] or #data ~= 16 or not formulas.looksRandom(data) then + return + end + seen[data] = true + end + + port.version.name = "cccam" + port.version.version = "CCcam DVR card sharing system" + nmap.set_port_version(host, port) +end |