diff options
Diffstat (limited to 'scripts/weblogic-t3-info.nse')
| -rw-r--r-- | scripts/weblogic-t3-info.nse | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/scripts/weblogic-t3-info.nse b/scripts/weblogic-t3-info.nse new file mode 100644 index 0000000..f630dc0 --- /dev/null +++ b/scripts/weblogic-t3-info.nse @@ -0,0 +1,91 @@ +local comm = require "comm" +local string = require "string" +local shortport = require "shortport" +local nmap = require "nmap" + +description = "Detect the T3 RMI protocol and Weblogic version" +author = {"Alessandro ZANNI <alessandro.zanni@bt.com>", "Daniel Miller"} +license = "Same as Nmap--See https://nmap.org/book/man-legal.html" +categories = {"default","safe","discovery","version"} + +portrule = function(host, port) + if type(port.version) == "table" and port.version.name_confidence > 3 and port.version.product ~= nil then + return string.find(port.version.product, "WebLogic", 1, true) and nmap.version_intensity() >= 7 + end + return shortport.version_port_or_service({7001,7002,7003},"http")(host,port) +end + +action = function(host, port) + local status, result = comm.exchange(host, port, + "t3 12.1.2\nAS:2048\nHL:19\n\n") + + if (not status) then + return nil + end + + local weblogic_version = string.match(result, "^HELO:(%d+%.%d+%.%d+%.%d+)%.") + + local rval = nil + port.version = port.version or {} + local extrainfo = port.version.extrainfo + if extrainfo == nil then + extrainfo = "" + else + extrainfo = extrainfo .. "; " + end + if weblogic_version then + if weblogic_version == "12.1.2" then + status, result = comm.exchange(host, port, + "t3 11.1.2\nAS:2048\nHL:19\n\n") + weblogic_version = string.match(result, "^HELO:(%d+%.%d+%.%d+%.%d+)%.") + if weblogic_version == "11.1.2" then + -- Server just echoes whatever version we send. + rval = "T3 protocol in use (Unknown WebLogic version)" + else + port.version.version = weblogic_version + rval = "T3 protocol in use (WebLogic version: " .. weblogic_version .. ")" + end + else + port.version.version = weblogic_version + rval = "T3 protocol in use (WebLogic version: " .. weblogic_version .. ")" + end + port.version.extrainfo = extrainfo .. "T3 enabled" + elseif string.match(result, "^LGIN:") then + port.version.extrainfo = extrainfo .. "T3 enabled" + rval = "T3 protocol in use (handshake failed)" + elseif string.match(result, "^SERV:") then + port.version.extrainfo = extrainfo .. "T3 enabled" + rval = "T3 protocol in use (No such service)" + elseif string.match(result, "^UNAV:") then + port.version.extrainfo = extrainfo .. "T3 enabled" + rval = "T3 protocol in use (Service unavailable)" + elseif string.match(result, "^LICN:") then + port.version.extrainfo = extrainfo .. "T3 enabled" + rval = "T3 protocol in use (No license)" + elseif string.match(result, "^RESC:") then + port.version.extrainfo = extrainfo .. "T3 enabled" + rval = "T3 protocol in use (No resource)" + elseif string.match(result, "^VERS:") then + weblogic_version = string.match(result, "^VERS:Incompatible versions %- this server:(%d+%.%d+%.%d+%.%d+)") + if weblogic_version then + port.version.version = weblogic_version + end + port.version.extrainfo = extrainfo .. "T3 enabled" + rval = "T3 protocol in use (Incompatible version)" + elseif string.match(result, "^CATA:") then + port.version.extrainfo = extrainfo .. "T3 enabled" + rval = "T3 protocol in use (Catastrophic failure)" + elseif string.match(result, "^CMND:") then + port.version.extrainfo = extrainfo .. "T3 enabled" + rval = "T3 protocol in use (No such command)" + end + + if rval then + if port.version.product == nil then + port.version.product = "WebLogic application server" + end + nmap.set_port_version(host, port, "hardmatched") + end + + return rval +end |