summaryrefslogtreecommitdiffstats
path: root/scripts/mysql-info.nse
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--scripts/mysql-info.nse132
1 files changed, 132 insertions, 0 deletions
diff --git a/scripts/mysql-info.nse b/scripts/mysql-info.nse
new file mode 100644
index 0000000..5d37ae1
--- /dev/null
+++ b/scripts/mysql-info.nse
@@ -0,0 +1,132 @@
+local mysql = require "mysql"
+local nmap = require "nmap"
+local stdnse = require "stdnse"
+local table = require "table"
+
+description = [[
+Connects to a MySQL server and prints information such as the protocol and
+version numbers, thread ID, status, capabilities, and the password salt.
+
+If service detection is performed and the server appears to be blocking
+our host or is blocked because of too many connections, then this script
+isn't run (see the portrule).
+]]
+
+---
+-- @output
+-- 3306/tcp open mysql
+-- | mysql-info:
+-- | Protocol: 10
+-- | Version: 5.0.51a-3ubuntu5.1
+-- | Thread ID: 7
+-- | Capabilities flags: 40968
+-- | Some Capabilities: ConnectWithDatabase, SupportsTransactions, Support41Auth
+-- | Status: Autocommit
+-- |_ Salt: bYyt\NQ/4V6IN+*3`imj
+--
+--@xmloutput
+-- <elem key="Protocol">10</elem>
+-- <elem key="Version">5.0.51a-3ubuntu5.1</elem>
+-- <elem key="Thread ID">7</elem>
+-- <elem key="Capabilities flags">40968</elem>
+-- <table key="Some Capabilities">
+-- <elem>ConnectWithDatabase</elem>
+-- <elem>SupportsTransactions</elem>
+-- <elem>Support41Auth</elem>
+-- </table>
+-- <elem key="Status">Autocommit</elem>
+-- <elem key="Salt">bYyt\NQ/4V6IN+*3`imj</elem>
+
+-- Many thanks to jah (jah@zadkiel.plus.com) for testing and enhancements
+
+author = "Kris Katterjohn"
+
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+
+categories = { "default", "discovery", "safe" }
+
+--- Converts a number to a string description of the capabilities
+--@param num Start of the capabilities data
+--@return table containing the names of the capabilities offered
+local bitset = function(num, lookup)
+ local caps = {}
+
+ for k, v in pairs(lookup) do
+ if num & v > 0 then
+ caps[#caps+1] = k
+ end
+ end
+
+ return caps
+end
+
+portrule = function(host, port)
+ local extra = port.version.extrainfo
+
+ return (port.number == 3306 or port.service == "mysql")
+ and port.protocol == "tcp"
+ and port.state == "open"
+ and not (extra ~= nil
+ and (extra:match("[Uu]nauthorized")
+ or extra:match("[Tt]oo many connection")))
+end
+
+action = function(host, port)
+ local output = stdnse.output_table()
+ local socket = nmap.new_socket()
+
+ local status, err = socket:connect(host, port)
+
+ if not status then
+ stdnse.debug1("error connecting: %s", err)
+ return nil
+ end
+
+ local status, info = mysql.receiveGreeting(socket)
+
+ if not status then
+ stdnse.debug1("MySQL error: %s", info)
+ output["MySQL Error"] = info
+ if nmap.verbosity() > 1 then
+ return output
+ else
+ return nil
+ end
+ end
+
+ output["Protocol"] = info.proto
+ output["Version"] = info.version
+ output["Thread ID"] = info.threadid
+
+ if info.proto == 10 then
+ output["Capabilities flags"] = info.capabilities
+ local caps = bitset(info.capabilities, mysql.Capabilities)
+ if info.extcapabilities then
+ local extcaps = bitset(info.extcapabilities, mysql.ExtCapabilities)
+ for i, c in ipairs(extcaps) do
+ caps[#caps+1] = c
+ end
+ end
+ if #caps > 0 then
+ setmetatable(caps, {
+ __tostring = function (self)
+ return table.concat(self, ", ")
+ end
+ })
+ output["Some Capabilities"] = caps
+ end
+
+ if info.status == 2 then
+ output["Status"] = "Autocommit"
+ else
+ output["Status"] = info.status
+ end
+
+ output["Salt"] = info.salt
+
+ output["Auth Plugin Name"] = info.auth_plugin_name
+ end
+
+ return output
+end
+