From 0d47952611198ef6b1163f366dc03922d20b1475 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 17 Apr 2024 09:42:04 +0200 Subject: Adding upstream version 7.94+git20230807.3be01efb1+dfsg. Signed-off-by: Daniel Baumann --- scripts/ovs-agent-version.nse | 78 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 scripts/ovs-agent-version.nse (limited to 'scripts/ovs-agent-version.nse') diff --git a/scripts/ovs-agent-version.nse b/scripts/ovs-agent-version.nse new file mode 100644 index 0000000..96135e6 --- /dev/null +++ b/scripts/ovs-agent-version.nse @@ -0,0 +1,78 @@ +local http = require "http" +local nmap = require "nmap" +local shortport = require "shortport" +local string = require "string" + +description = [[ +Detects the version of an Oracle Virtual Server Agent by fingerprinting +responses to an HTTP GET request and an XML-RPC method call. + +Version 2.2 of Virtual Server Agent returns a distinctive string in response to an +HTTP GET request. However versions 3.0 and 3.0.1 return a generic response that +looks like any other BaseHTTP/SimpleXMLRPCServer. Versions 2.2 and 3.0 return a +distinctive error message in response to a system.listMethods +XML-RPC call, which however does not distinguish the two versions. Version 3.0.1 +returns a response to system.listMethods that is different from +that of both version 2.2 and 3.0. Therefore we use this strategy: (1.) Send a +GET request. If the version 2.2 string is returned, return "2.2". (2.) Send a +system.listMethods method call. If an error is +returned, return "3.0" or "3.0.1", depending on the specific format of the +error. +]] + +categories = {"version"} + +--- +-- @output +-- PORT STATE SERVICE REASON VERSION +-- 8899/tcp open ssl/ovs-agent syn-ack Oracle Virtual Server Agent 3.0 (BaseHTTP 0.3; Python SimpleXMLRPCServer; Python 2.5.2) + +author = "David Fifield" +license = "Same as Nmap--See https://nmap.org/book/man-legal.html" + + +portrule = shortport.version_port_or_service({8899}) + +local function set_port_version(host, port, version, server) + port.version.name = "ovs-agent" + port.version.product = "Oracle Virtual Server Agent" + port.version.version = version + if server then + local basehttp, python = string.match(server, "^BaseHTTP/([%d.]+) Python/([%d.]+)") + if basehttp and python then + port.version.extrainfo = string.format("BaseHTTP %s; Python SimpleXMLRPCServer; Python %s", basehttp, python) + end + end + nmap.set_port_version(host, port) +end + +function action(host, port) + local response + local version = {} + + response = http.get(host, port, "/") + if response.status == 200 and string.match(response.body, + "Python: OVSAgentServer Document") then + set_port_version(host, port, "2.2", response.header["server"]) + return + end + + -- So much for version 2.2. If the response to GET was 501, then we may + -- have a version 3.0 or 3.0.1. + if not (response.status == 501) then + return + end + + response = http.post(host, port, "/", + {header = {["Content-Type"] = "text/xml"}}, nil, + "system.listMethods") + if response.status == 403 and string.match(response.body, + "Message: Unauthorized HTTP Access Attempt from %('[%d.]+', %d+%)!%.") then + set_port_version(host, port, "3.0", response.header["server"]) + return + elseif response.status == 403 and string.match(response.body, + "Message: Unauthorized access attempt from %('[%d.]+', %d+%)!%.") then + set_port_version(host, port, "3.0.1", response.header["server"]) + return + end +end -- cgit v1.2.3