Diffstat (limited to '')
-rw-r--r-- | scripts/fox-info.nse | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/scripts/fox-info.nse b/scripts/fox-info.nse
new file mode 100644
index 0000000..1480eeb
--- /dev/null
+++ b/scripts/fox-info.nse
@@ -0,0 +1,139 @@
+local nmap = require "nmap"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+local comm = require "comm"
+local ipOps = require "ipOps"
+
+description = [[
+Tridium Niagara Fox is a protocol used within Building Automation Systems. Based
+off Billy Rios and Terry McCorkle's work this Nmap NSE will collect information
+from A Tridium Niagara system.
+
+http://digitalbond.com
+
+]]
+
+---
+-- @usage
+-- nmap --script fox-info.nse -p 1911 <host>
+--
+-- @output
+-- 1911/tcp open Niagara Fox
+-- | fox-info:
+-- | fox.version: 1.0.1
+-- | hostName: xpvm-0omdc01xmy
+-- | hostAddress: 192.168.1.1
+-- | app.name: Workbench
+-- | app.version: 3.7.44
+-- | vm.name: Java HotSpot(TM) Server VM
+-- | vm.version: 20.4-b02
+-- | os.name: Windows XP
+-- | timeZone: America/Chicago
+-- | hostId: Win-99CB-D49D-5442-07BB
+-- | vmUuid: 8b530bc8-76c5-4139-a2ea-0fabd394d305
+-- |_ brandId: vykon
+--
+-- @xmloutput
+--<elem key="fox.version">1.0.1</elem>
+--<elem key="hostName">xpvm-0omdc01xmy</elem>
+--<elem key="hostAddress">192.168.1.1</elem>
+--<elem key="app.name">Workbench</elem>
+--<elem key="app.version">3.7.44</elem>
+--<elem key="vm.name">Java HotSpot(TM) Server VM</elem>
+--<elem key="vm.version">20.4-b02</elem>
+--<elem key="os.Name">Windows XP</elem>
+--<elem key="timeZone">America/Chicago</elem>
+--<elem key="hostId">Win-99CB-D49D-5442-07BB</elem>
+--<elem key="vmUuid">8b530bc8-76c5-4139-a2ea-0fabd394d305</elem>
+--<elem key="brandId">vykon</elem>
+
+author = "Stephen Hilt (Digital Bond)"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"discovery", "version"}
+
+
+portrule = shortport.version_port_or_service({1911, 4911}, "niagara-fox", "tcp")
+
+-- Action Function that is used to run the NSE. This function will send the
+-- initial query to the host and port that were passed in via nmap. The
+-- initial response is parsed to determine if host is a Niagara Fox device. If it
+-- is then more actions are taken to gather extra information.
+--
+-- @param host Host that was scanned via nmap
+-- @param port port that was scanned via nmap
+action = function(host, port)
+ --set the first query data for sending
+ local orig_query =
+ [==[fox a 1 -1 fox hello
+{
+fox.version=s:1.0
+id=i:1
+};;
+]==]
+
+ -- receive response
+ local socket, response, proto = comm.tryssl(host, port, orig_query)
+ if not socket then
+ stdnse.debug1( "Receive error: %s", response)
+ return nil
+ end
+ socket:close()
+
+ if proto == "ssl" then
+ port.version.service_tunnel = "ssl"
+ end
+
+ local pos = response:find("{")
+ if not pos or not response:match("^fox a 0") then
+ stdnse.debug1("Not Niagara Fox protocol")
+ return nil
+ end
+
+ -- output table that will be returned to nmap
+ local to_return = stdnse.output_table()
+
+ local set = function (key, value)
+ to_return[key] = value
+ end
+
+ local dispatch = {
+ hostName = function (key, value)
+ if not ipOps.ip_to_str(value) then
+ -- If this is an IP address, don't set it as a hostname
+ port.version.hostname = value
+ end
+ to_return[key] = value
+ end,
+ hostAddress = set,
+ ["fox.version"] = set,
+ ["app.name"] = set,
+ ["app.version"] = set,
+ ["vm.name"] = set,
+ ["vm.version"] = set,
+ ["os.name"] = set,
+ timeZone = function (key, value)
+ to_return[key] = value:match("^[^;]+")
+ end,
+ hostId = set,
+ vmUuid = set,
+ brandId = set,
+ fatal = set, -- sometimes reports a fatal error about unsupported
+ }
+
+ for key, value in response:gmatch("\n([%w.]+)=s:([^\n]+)") do
+ local act = dispatch[key]
+ if act then
+ act(key, value)
+ end
+ end
+
+ if #to_return <= 0 then
+ return nil
+ end
+
+ port.version.name = "niagara-fox"
+ nmap.set_port_version(host, port)
+
+ -- return output table to nmap
+ return to_return
+end |
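Review bot: The hostName handler in the dispatch table guards with `ipOps.ip_to_str(value)`, but that helper turns a packed binary address into text, whereas `value` here is the textual field captured by `([^\n]+)`; a dotted literal like `192.168.1.1` therefore yields nil and is stored in `port.version.hostname`, while a hostname that happens to be exactly 4 or 16 bytes long is wrongly skipped. The check that matches the comment's intent is the parser, `if not ipOps.ip_to_bin(value) then`, which returns nil for anything that is not a valid IPv4/IPv6 literal. Since every field comes verbatim from the remote response, a short comment on that branch such as `-- value is remote-supplied; only record it as a hostname when it is not an IP literal` would make the trust boundary explicit for the next maintainer. The `#to_return <= 0` emptiness test only works if stdnse.output_table supplies a `__len` metamethod for its string-keyed entries; if it does not, the check never fires and an empty table is reported, so this is worth confirming against stdnse. Separately, the @xmloutput sample uses the key `os.Name` while the dispatch table and @output sample use `os.name`.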