diff options
Diffstat (limited to 'scripts/citrix-enum-apps-xml.nse')
-rw-r--r-- | scripts/citrix-enum-apps-xml.nse | 154 |
1 files changed, 154 insertions, 0 deletions
diff --git a/scripts/citrix-enum-apps-xml.nse b/scripts/citrix-enum-apps-xml.nse new file mode 100644 index 0000000..f5fab28 --- /dev/null +++ b/scripts/citrix-enum-apps-xml.nse @@ -0,0 +1,154 @@ +local citrixxml = require "citrixxml" +local nmap = require "nmap" +local shortport = require "shortport" +local stdnse = require "stdnse" +local table = require "table" + +description = [[ +Extracts a list of applications, ACLs, and settings from the Citrix XML +service. + +The script returns more output with higher verbosity. +]] + +--- +-- @usage +-- nmap --script=citrix-enum-apps-xml -p 80,443,8080 <host> +-- +-- @output +-- PORT STATE SERVICE +-- 8080/tcp open http-proxy +-- | citrix-enum-apps-xml: +-- | Application: Notepad; Users: Anonymous +-- | Application: iexplorer; Users: Anonymous +-- |_ Application: registry editor; Users: WIN-B4RL0SUCJ29\Joe; Groups: WIN-B4RL0SUCJ29\HR, *CITRIX_BUILTIN*\*CITRIX_ADMINISTRATORS* +-- +-- PORT STATE SERVICE +-- 8080/tcp open http-proxy +-- | citrix-enum-apps-xml: +-- | Application: Notepad +-- | Disabled: false +-- | Desktop: false +-- | On Desktop: false +-- | Encryption: basic +-- | Encryption enforced: true +-- | In start menu: false +-- | Publisher: labb1farm +-- | SSL: false +-- | Remote Access: false +-- | Users: Anonymous +-- | Application: iexplorer +-- | Disabled: false +-- | Desktop: false +-- | On Desktop: false +-- | Encryption: basic +-- | Encryption enforced: true +-- | In start menu: false +-- | Publisher: labb1farm +-- | SSL: false +-- | Remote Access: false +-- | Users: Anonymous +-- | Application: registry editor +-- | Disabled: false +-- | Desktop: false +-- | On Desktop: false +-- | Encryption: basic +-- | Encryption enforced: true +-- | In start menu: false +-- | Publisher: labb1farm +-- | SSL: false +-- | Remote Access: false +-- | Users: WIN-B4RL0SUCJ29\Joe +-- |_ Groups: WIN-B4RL0SUCJ29\HR, *CITRIX_BUILTIN*\*CITRIX_ADMINISTRATORS* + +-- Version 0.2 +-- Created 11/26/2009 - v0.1 - created by Patrik Karlsson <patrik@cqure.net> +-- Revised 12/02/2009 - v0.2 - Use stdnse.format_ouput for output +-- Revised 12/16/2014 - v0.3 - Detect if encryption settings are minimum requirements + +author = "Patrik Karlsson" +license = "Same as Nmap--See https://nmap.org/book/man-legal.html" +categories = {"discovery", "safe"} + + +portrule = shortport.portnumber({8080,80,443}, "tcp") + +--- Creates a table which is suitable for use with stdnse.format_output +-- +-- @param appdata table with results from parse_appdata_response +-- @param mode string short or long, see usage above +-- @return table suitable for stdnse.format_output +function format_output(appdata, mode) + + local result = {} + local setting_titles = { {appisdisabled="Disabled"}, {appisdesktop="Desktop"}, {AppOnDesktop="On Desktop"}, + {Encryption="Encryption"}, {EncryptionEnforced="Encryption enforced"}, {AppInStartmenu="In start menu"}, + {PublisherName="Publisher"}, {SSLEnabled="SSL"}, {RemoteAccessEnabled="Remote Access"} } + + + if mode == "short" then + for app_name, AppData in ipairs(appdata) do + local line = "Application: " .. AppData.FName + + if AppData.AccessList then + + if AppData.AccessList.User then + line = line .. "; Users: " .. table.concat(AppData.AccessList.User, ", ") + end + + if AppData.AccessList.Group then + line = line .. "; Groups: " .. table.concat(AppData.AccessList.Group, ", ") + end + + table.insert(result, line) + end + end + + else + + for app_name, AppData in ipairs(appdata) do + local result_part = {} + + result_part.name = "Application: " .. AppData.FName + + local settings = AppData.Settings + + for _, setting_pairs in ipairs(setting_titles) do + for setting_key, setting_title in pairs(setting_pairs) do + local setting_value = settings[setting_key] and settings[setting_key] or "" + table.insert(result_part, setting_title .. ": " .. setting_value ) + end + end + + + if AppData.AccessList then + if AppData.AccessList.User then + table.insert(result_part, "Users: " .. table.concat(AppData.AccessList.User, ", ") ) + end + + if AppData.AccessList.Group then + table.insert(result_part, "Groups: " .. table.concat(AppData.AccessList.Group, ", ") ) + end + + table.insert(result, result_part) + end + + end + + end + + return result + +end + + +action = function(host,port) + + local response = citrixxml.request_appdata(host, port, {ServerAddress="",attr={addresstype="dot"},DesiredDetails={"all","access-list"} }) + local appdata = citrixxml.parse_appdata_response(response) + + local response = format_output(appdata, (nmap.verbosity() > 1 and "long" or "short")) + + return stdnse.format_output(true, response) + +end |