summaryrefslogtreecommitdiffstats
path: root/scripts/epmd-info.nse
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--scripts/epmd-info.nse69
1 files changed, 69 insertions, 0 deletions
diff --git a/scripts/epmd-info.nse b/scripts/epmd-info.nse
new file mode 100644
index 0000000..b43cb3f
--- /dev/null
+++ b/scripts/epmd-info.nse
@@ -0,0 +1,69 @@
+local nmap = require "nmap"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+local string = require "string"
+
+description = [[
+Connects to Erlang Port Mapper Daemon (epmd) and retrieves a list of nodes with their respective port numbers.
+]]
+
+---
+-- @usage
+-- nmap -p 4369 --script epmd-info <target>
+--
+-- @output
+-- PORT STATE SERVICE
+-- 4369/tcp open epmd
+-- | epmd-info.nse:
+-- | epmd_port: 4369
+-- | nodes:
+-- | rabbit: 36804
+-- |_ ejabberd: 46540
+-- @xmloutput
+-- <elem key="epmd_port">4369</elem>
+-- <table key="nodes">
+-- <elem key="rabbit">36804</elem>
+-- <elem key="ejabberd">46540</elem>
+-- </table>
+
+author = "Toni Ruottu"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"default", "discovery", "safe"}
+
+portrule = shortport.port_or_service (4369, "epmd")
+
+action = function(host, port)
+ local socket = nmap.new_socket()
+ socket:set_timeout(stdnse.get_timeout(host))
+ local try = nmap.new_try(function () socket:close() end)
+ try(socket:connect(host, port))
+
+ try(socket:send("\x00\x01n")) -- NAMESREQ = 110
+
+ local getline = stdnse.make_buffer(socket, "\n")
+
+ local data, err = getline()
+ if data == nil then
+ stdnse.debug2("Error on receive: %s", err)
+ socket:close()
+ return nil
+ end
+
+ local realport, pos = string.unpack(">I4", data)
+ data = string.sub(data, pos)
+
+ local nodes = stdnse.output_table()
+ local name, port
+ while data and data ~= "" do
+ name, port = data:match("^name (.*) at port (%d+)")
+ if name then
+ nodes[name] = port
+ end
+ data = getline()
+ end
+
+ local response = stdnse.output_table()
+ response.epmd_port = realport
+ response.nodes = nodes
+ return response
+end