scripts/afp-showmount.nse


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

local afp = require "afp"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"

description = [[
Shows AFP shares and ACLs.
]]

---
--
--@output
-- PORT    STATE SERVICE
-- 548/tcp open  afp
-- | afp-showmount:
-- |   Yoda's Public Folder
-- |     Owner: Search,Read,Write
-- |     Group: Search,Read
-- |     Everyone: Search,Read
-- |     User: Search,Read
-- |   Vader's Public Folder
-- |     Owner: Search,Read,Write
-- |     Group: Search,Read
-- |     Everyone: Search,Read
-- |     User: Search,Read
-- |_    Options: IsOwner

-- Version 0.4
-- Created 01/03/2010 - v0.1 - created by Patrik Karlsson
-- Revised 01/13/2010 - v0.2 - Fixed a bug where a single share wouldn't show due to formatting issues
-- Revised 01/20/2010 - v0.3 - removed superfluous functions
-- Revised 05/03/2010 - v0.4 - cleaned up and added dependency to afp-brute and added support for credentials
--                             by argument or registry


author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}


dependencies = {"afp-brute"}

portrule = shortport.portnumber(548, "tcp")

action = function(host, port)

  local status, response, shares
  local result = {}
  local afpHelper = afp.Helper:new()
  local args = nmap.registry.args
  local users = nmap.registry.afp or { ['nil'] = 'nil' }

  if ( args['afp.username'] ) then
    users = {}
    users[args['afp.username']] = args['afp.password']
  end

  for username, password in pairs(users) do

    status, response = afpHelper:OpenSession(host, port)
    if ( not status ) then
      stdnse.debug1("%s", response)
      return
    end

    -- if we have a username attempt to authenticate as the user
    -- Attempt to use No User Authentication?
    if ( username ~= 'nil' ) then
      status, response = afpHelper:Login(username, password)
    else
      status, response = afpHelper:Login()
    end

    if ( not status ) then
      stdnse.debug1("Login failed")
      stdnse.debug3("Login error: %s", response)
      return
    end

    status, shares = afpHelper:ListShares()

    if status then
      for _, vol in ipairs( shares ) do
        local status, response = afpHelper:GetSharePermissions( vol )
        if status then
          response.name = vol
          table.insert(result, response)
        end
      end
    end

    status, response = afpHelper:Logout()
    status, response = afpHelper:CloseSession()

    if ( result ) then
      return stdnse.format_output(true, result)
    end
  end
  return
end