1 files changed, 145 insertions, 0 deletions

diff --git a/scripts/riak-http-info.nse b/scripts/riak-http-info.nse
new file mode 100644
index 0000000..9bbde25
--- /dev/null
+++ b/scripts/riak-http-info.nse
@@ -0,0 +1,145 @@
+local http = require "http"
+local json = require "json"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+local tab = require "tab"
+
+description = [[
+Retrieves information (such as node name and architecture) from a Basho Riak distributed database using the HTTP protocol.
+]]
+
+---
+-- @usage
+-- nmap -p 8098 <ip> --script riak-http-info
+--
+-- @output
+-- PORT     STATE SERVICE
+-- 8098/tcp open  http
+-- | riak-http-info:
+-- |   Node name                  riak@127.0.0.1
+-- |   Architecture               x86_64-unknown-linux-gnu
+-- |   Storage backend            riak_kv_bitcask_backend
+-- |   Total Memory               516550656
+-- |   Crypto version             2.0.3
+-- |   Skerl version              1.1.0
+-- |   OS mon. version            2.2.6
+-- |   Basho version              1.0.1
+-- |   Lager version              0.9.4
+-- |   Cluster info version       1.2.0
+-- |   Luke version               0.2.4
+-- |   SASL version               2.1.9.4
+-- |   System driver version      1.5
+-- |   Bitcask version            1.3.0
+-- |   Riak search version        1.0.2
+-- |   Riak kernel version        2.14.4
+-- |   Riak stdlib version        1.17.4
+-- |   Basho metrics version      1.0.0
+-- |   WebMachine version         1.9.0
+-- |   Public key version         0.12
+-- |   Riak vore version          1.0.2
+-- |   Riak pipe version          1.0.2
+-- |   Runtime tools version      1.8.5
+-- |   SSL version                4.1.5
+-- |   MochiWeb version           1.5.1
+-- |   Erlang JavaScript version  1.0.0
+-- |   Riak kv version            1.0.2
+-- |   Luwak version              1.1.2
+-- |   Merge index version        1.0.1
+-- |   Inets version              5.6
+-- |_  Riak sysmon version        1.0.0
+--
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+
+portrule = shortport.port_or_service(8098, "http")
+
+local filter = {
+  ["sys_system_architecture"] = { name = "Architecture" },
+  ["mem_total"] = { name = "Total Memory" },
+  ["crypto_version"] = { name = "Crypto version" },
+  ["skerl_version"] = { name = "Skerl version" },
+  ["os_mon_version"] = { name = "OS mon. version" },
+  ["nodename"] = { name = "Node name" },
+  ["basho_stats_version"] = { name = "Basho version" },
+  ["lager_version"] = { name = "Lager version" },
+  ["cluster_info_version"] = { name = "Cluster info version" },
+  ["luke_version"] = { name = "Luke version" },
+  ["sasl_version"] = { name = "SASL version" },
+  ["sys_driver_version"] = { name = "System driver version" },
+  ["bitcask_version"] = { name = "Bitcask version" },
+  ["riak_search_version"] = { name = "Riak search version" },
+  ["kernel_version"] = { name = "Riak kernel version" },
+  ["stdlib_version"] = { name = "Riak stdlib version" },
+  ["basho_metrics_version"] = { name = "Basho metrics version" },
+  ["webmachine_version"] = { name = "WebMachine version" },
+  ["public_key_version"] = { name = "Public key version" },
+  ["riak_core_version"] = { name = "Riak vore version" },
+  ["riak_pipe_version"] = { name = "Riak pipe version" },
+  ["runtime_tools_version"] = { name = "Runtime tools version" },
+  ["ssl_version"] = { name = "SSL version" },
+  ["mochiweb_version"] = { name = "MochiWeb version"},
+  ["erlang_js_version"] = { name = "Erlang JavaScript version" },
+  ["riak_kv_version"] = { name = "Riak kv version" },
+  ["luwak_version"] = { name = "Luwak version"},
+  ["merge_index_version"] = { name = "Merge index version" },
+  ["inets_version"] = { name = "Inets version" },
+  ["storage_backend"] = { name = "Storage backend" },
+  ["riak_sysmon_version"] = { name = "Riak sysmon version" },
+}
+
+local order = {
+  "nodename", "sys_system_architecture", "storage_backend", "mem_total",
+  "crypto_version", "skerl_version", "os_mon_version", "basho_stats_version",
+  "lager_version", "cluster_info_version", "luke_version", "sasl_version",
+  "sys_driver_version", "bitcask_version", "riak_search_version",
+  "kernel_version", "stdlib_version", "basho_metrics_version",
+  "webmachine_version", "public_key_version", "riak_core_version",
+  "riak_pipe_version", "runtime_tools_version", "ssl_version",
+  "mochiweb_version", "erlang_js_version", "riak_kv_version",
+  "luwak_version", "merge_index_version", "inets_version", "riak_sysmon_version"
+}
+
+
+local function fail(err) return stdnse.format_output(false, err) end
+
+action = function(host, port)
+
+  local response = http.get(host, port, "/stats")
+
+  if ( not(response) or response.status ~= 200 ) then
+    return
+  end
+
+  -- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
+  local status_404, result_404, _ = http.identify_404(host,port)
+  if ( status_404 and result_404 == 200 ) then
+    stdnse.debug1("Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", host.ip, port.number)
+    return nil
+  end
+
+  -- Silently abort if the server responds as anything different than
+  -- MochiWeb
+  if ( response.header['server'] and
+      not(response.header['server']:match("MochiWeb")) ) then
+    return
+  end
+
+  local status, parsed = json.parse(response.body)
+  if ( not(status) ) then
+    return fail("Failed to parse response")
+  end
+
+  local result = tab.new(2)
+  for _, item in ipairs(order) do
+    if ( parsed[item] ) then
+      local name = filter[item].name
+      local val = ( filter[item].func and filter[item].func(parsed[item]) or parsed[item] )
+      tab.addrow(result, name, val)
+    end
+  end
+  return stdnse.format_output(true, tab.dump(result))
+
+end