1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
local json = require "json"
local nmap = require "nmap"
local stdnse = require "stdnse"
local tab = require "tab"
local target = require "target"
local table = require "table"
description = [[
Listens for the LAN sync information broadcasts that the Dropbox.com client
broadcasts every 20 seconds, then prints all the discovered client IP
addresses, port numbers, version numbers, display names, and more.
If the <code>newtargets</code> script argument is given, all discovered Dropbox
clients will be added to the Nmap target list rather than just listed in the
output.
]]
---
-- @usage
-- nmap --script=broadcast-dropbox-listener
-- nmap --script=broadcast-dropbox-listener --script-args=newtargets -Pn
-- @output
-- Pre-scan script results:
-- | broadcast-dropbox-listener:
-- | displayname ip port version host_int namespaces
-- |_noob 192.168.0.110 17500 1.8 34176083 26135075
--
-- Pre-scan script results:
-- | broadcast-dropbox-listener:
-- | displayname ip port version host_int namespaces
-- |_noob 192.168.0.110 17500 1.8 34176083 26135075
-- Nmap scan report for 192.168.0.110
-- Host is up (0.00073s latency).
-- Not shown: 997 filtered ports
-- PORT STATE SERVICE
-- 139/tcp open netbios-ssn
-- 445/tcp open microsoft-ds
-- 1047/tcp open neod1
author = {"Ron Bowes", "Mak Kolybabi", "Andrew Orr", "Russ Tait Milne"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"broadcast", "safe"}
local DROPBOX_BROADCAST_PERIOD = 20
local DROPBOX_PORT = 17500
prerule = function()
return true
end
action = function()
-- Start listening for broadcasts.
local sock = nmap.new_socket("udp")
sock:set_timeout(2 * DROPBOX_BROADCAST_PERIOD * 1000)
local status, result = sock:bind(nil, DROPBOX_PORT)
if not status then
stdnse.debug1("Could not bind on port %d: %s", DROPBOX_PORT, result)
sock:close()
return
end
-- Keep track of the IDs we've already seen.
local ids = {}
-- Initialize the output table.
local results = tab.new(6)
tab.addrow(
results,
'displayname',
'ip',
'port',
'version',
'host_int',
'namespaces'
)
local status, result = sock:receive()
while status do
-- Parse JSON.
local status, info = json.parse(result)
if status then
-- Get IP address of broadcasting host.
local status, _, _, ip, _ = sock:get_info()
if not status then
stdnse.debug1("Failed to get socket info.")
break
end
stdnse.debug1("Received broadcast from host %s (%s).", info.displayname, ip)
-- Check if we've already seen this ID.
if ids[info.host_int] then
-- We can stop now, since we've seen the same ID twice
-- If ever a host sends a broadcast twice in a row, this will
-- artificially stop the listener. I can't think of a workaround
-- for now, so this will have to do.
break
end
ids[info.host_int] = true
-- Add host scan list.
if target.ALLOW_NEW_TARGETS then
target.add(ip)
end
-- Add host to list.
for _, key1 in pairs({"namespaces", "version"}) do
for key2, val in pairs(info[key1]) do
info[key1][key2] = tostring(info[key1][key2])
end
end
tab.addrow(
results,
info.displayname,
ip,
info.port,
table.concat(info.version, "."),
info.host_int,
table.concat(info.namespaces, ", ")
)
stdnse.debug1("Added host %s.", info.displayname)
end
status, result = sock:receive()
end
sock:close()
-- If no broadcasts received, don't output anything.
if not next(ids) then
return
end
-- Format table, without trailing newline.
results = tab.dump(results)
results = results:sub(1, #results - 1)
return "\n" .. results
end
|
