summaryrefslogtreecommitdiffstats
path: root/scripts/citrix-enum-apps-xml.nse
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/citrix-enum-apps-xml.nse')
-rw-r--r--scripts/citrix-enum-apps-xml.nse154
1 files changed, 154 insertions, 0 deletions
diff --git a/scripts/citrix-enum-apps-xml.nse b/scripts/citrix-enum-apps-xml.nse
new file mode 100644
index 0000000..f5fab28
--- /dev/null
+++ b/scripts/citrix-enum-apps-xml.nse
@@ -0,0 +1,154 @@
+local citrixxml = require "citrixxml"
+local nmap = require "nmap"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+local table = require "table"
+
+description = [[
+Extracts a list of applications, ACLs, and settings from the Citrix XML
+service.
+
+The script returns more output with higher verbosity.
+]]
+
+---
+-- @usage
+-- nmap --script=citrix-enum-apps-xml -p 80,443,8080 <host>
+--
+-- @output
+-- PORT STATE SERVICE
+-- 8080/tcp open http-proxy
+-- | citrix-enum-apps-xml:
+-- | Application: Notepad; Users: Anonymous
+-- | Application: iexplorer; Users: Anonymous
+-- |_ Application: registry editor; Users: WIN-B4RL0SUCJ29\Joe; Groups: WIN-B4RL0SUCJ29\HR, *CITRIX_BUILTIN*\*CITRIX_ADMINISTRATORS*
+--
+-- PORT STATE SERVICE
+-- 8080/tcp open http-proxy
+-- | citrix-enum-apps-xml:
+-- | Application: Notepad
+-- | Disabled: false
+-- | Desktop: false
+-- | On Desktop: false
+-- | Encryption: basic
+-- | Encryption enforced: true
+-- | In start menu: false
+-- | Publisher: labb1farm
+-- | SSL: false
+-- | Remote Access: false
+-- | Users: Anonymous
+-- | Application: iexplorer
+-- | Disabled: false
+-- | Desktop: false
+-- | On Desktop: false
+-- | Encryption: basic
+-- | Encryption enforced: true
+-- | In start menu: false
+-- | Publisher: labb1farm
+-- | SSL: false
+-- | Remote Access: false
+-- | Users: Anonymous
+-- | Application: registry editor
+-- | Disabled: false
+-- | Desktop: false
+-- | On Desktop: false
+-- | Encryption: basic
+-- | Encryption enforced: true
+-- | In start menu: false
+-- | Publisher: labb1farm
+-- | SSL: false
+-- | Remote Access: false
+-- | Users: WIN-B4RL0SUCJ29\Joe
+-- |_ Groups: WIN-B4RL0SUCJ29\HR, *CITRIX_BUILTIN*\*CITRIX_ADMINISTRATORS*
+
+-- Version 0.2
+-- Created 11/26/2009 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
+-- Revised 12/02/2009 - v0.2 - Use stdnse.format_ouput for output
+-- Revised 12/16/2014 - v0.3 - Detect if encryption settings are minimum requirements
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+
+portrule = shortport.portnumber({8080,80,443}, "tcp")
+
+--- Creates a table which is suitable for use with stdnse.format_output
+--
+-- @param appdata table with results from parse_appdata_response
+-- @param mode string short or long, see usage above
+-- @return table suitable for stdnse.format_output
+function format_output(appdata, mode)
+
+ local result = {}
+ local setting_titles = { {appisdisabled="Disabled"}, {appisdesktop="Desktop"}, {AppOnDesktop="On Desktop"},
+ {Encryption="Encryption"}, {EncryptionEnforced="Encryption enforced"}, {AppInStartmenu="In start menu"},
+ {PublisherName="Publisher"}, {SSLEnabled="SSL"}, {RemoteAccessEnabled="Remote Access"} }
+
+
+ if mode == "short" then
+ for app_name, AppData in ipairs(appdata) do
+ local line = "Application: " .. AppData.FName
+
+ if AppData.AccessList then
+
+ if AppData.AccessList.User then
+ line = line .. "; Users: " .. table.concat(AppData.AccessList.User, ", ")
+ end
+
+ if AppData.AccessList.Group then
+ line = line .. "; Groups: " .. table.concat(AppData.AccessList.Group, ", ")
+ end
+
+ table.insert(result, line)
+ end
+ end
+
+ else
+
+ for app_name, AppData in ipairs(appdata) do
+ local result_part = {}
+
+ result_part.name = "Application: " .. AppData.FName
+
+ local settings = AppData.Settings
+
+ for _, setting_pairs in ipairs(setting_titles) do
+ for setting_key, setting_title in pairs(setting_pairs) do
+ local setting_value = settings[setting_key] and settings[setting_key] or ""
+ table.insert(result_part, setting_title .. ": " .. setting_value )
+ end
+ end
+
+
+ if AppData.AccessList then
+ if AppData.AccessList.User then
+ table.insert(result_part, "Users: " .. table.concat(AppData.AccessList.User, ", ") )
+ end
+
+ if AppData.AccessList.Group then
+ table.insert(result_part, "Groups: " .. table.concat(AppData.AccessList.Group, ", ") )
+ end
+
+ table.insert(result, result_part)
+ end
+
+ end
+
+ end
+
+ return result
+
+end
+
+
+action = function(host,port)
+
+ local response = citrixxml.request_appdata(host, port, {ServerAddress="",attr={addresstype="dot"},DesiredDetails={"all","access-list"} })
+ local appdata = citrixxml.parse_appdata_response(response)
+
+ local response = format_output(appdata, (nmap.verbosity() > 1 and "long" or "short"))
+
+ return stdnse.format_output(true, response)
+
+end