summaryrefslogtreecommitdiffstats
path: root/scripts/netbus-version.nse
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/netbus-version.nse')
-rw-r--r--scripts/netbus-version.nse54
1 files changed, 54 insertions, 0 deletions
diff --git a/scripts/netbus-version.nse b/scripts/netbus-version.nse
new file mode 100644
index 0000000..c8332fc
--- /dev/null
+++ b/scripts/netbus-version.nse
@@ -0,0 +1,54 @@
+local nmap = require "nmap"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+
+description = [[
+Extends version detection to detect NetBuster, a honeypot service
+that mimes NetBus.
+]]
+
+---
+-- @usage
+-- nmap -sV -p 12345 --script netbus-version <target>
+--
+-- @output
+-- 12345/tcp open netbus Netbuster (honeypot)
+
+author = "Toni Ruottu"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"version"}
+
+
+portrule = shortport.version_port_or_service ({}, "netbus", {"tcp"})
+
+action = function( host, port )
+
+ local socket = nmap.new_socket()
+ socket:set_timeout(5000)
+ local status, err = socket:connect(host, port)
+ if not status then
+ return
+ end
+ local buffer, _ = stdnse.make_buffer(socket, "\r")
+ _ = buffer()
+ if not (_ and _:match("^NetBus")) then
+ stdnse.debug1("Not NetBus")
+ return nil
+ end
+ socket:send("Password;0;\r")
+
+ --NetBus answers to auth
+ if buffer() ~= nil then
+ return
+ end
+
+ --NetBuster does not
+ port.version.name = "netbus"
+ port.version.product = "NetBuster"
+ port.version.extrainfo = "honeypot"
+ port.version.version = nil
+ nmap.set_port_version(host, port)
+ return
+end
+
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 23:29:18 +0000