scripts/citrix-enum-apps-xml.nse


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

local citrixxml = require "citrixxml"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"

description = [[
Extracts a list of applications, ACLs, and settings from the Citrix XML
service.

The script returns more output with higher verbosity.
]]

---
-- @usage
-- nmap --script=citrix-enum-apps-xml -p 80,443,8080 <host>
--
-- @output
-- PORT     STATE SERVICE
-- 8080/tcp open  http-proxy
-- | citrix-enum-apps-xml:
-- |   Application: Notepad; Users: Anonymous
-- |   Application: iexplorer; Users: Anonymous
-- |_  Application: registry editor; Users: WIN-B4RL0SUCJ29\Joe; Groups: WIN-B4RL0SUCJ29\HR, *CITRIX_BUILTIN*\*CITRIX_ADMINISTRATORS*
--
-- PORT     STATE SERVICE
-- 8080/tcp open  http-proxy
-- | citrix-enum-apps-xml:
-- |   Application: Notepad
-- |     Disabled: false
-- |     Desktop: false
-- |     On Desktop: false
-- |     Encryption: basic
-- |     Encryption enforced: true
-- |     In start menu: false
-- |     Publisher: labb1farm
-- |     SSL: false
-- |     Remote Access: false
-- |     Users: Anonymous
-- |   Application: iexplorer
-- |     Disabled: false
-- |     Desktop: false
-- |     On Desktop: false
-- |     Encryption: basic
-- |     Encryption enforced: true
-- |     In start menu: false
-- |     Publisher: labb1farm
-- |     SSL: false
-- |     Remote Access: false
-- |     Users: Anonymous
-- |   Application: registry editor
-- |     Disabled: false
-- |     Desktop: false
-- |     On Desktop: false
-- |     Encryption: basic
-- |     Encryption enforced: true
-- |     In start menu: false
-- |     Publisher: labb1farm
-- |     SSL: false
-- |     Remote Access: false
-- |     Users: WIN-B4RL0SUCJ29\Joe
-- |_    Groups: WIN-B4RL0SUCJ29\HR, *CITRIX_BUILTIN*\*CITRIX_ADMINISTRATORS*

-- Version 0.2
-- Created 11/26/2009 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
-- Revised 12/02/2009 - v0.2 - Use stdnse.format_ouput for output
-- Revised 12/16/2014 - v0.3 - Detect if encryption settings are minimum requirements

author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}


portrule = shortport.portnumber({8080,80,443}, "tcp")

--- Creates a table which is suitable for use with stdnse.format_output
--
-- @param appdata table with results from parse_appdata_response
-- @param mode string short or long, see usage above
-- @return table suitable for stdnse.format_output
function format_output(appdata, mode)

  local result = {}
  local setting_titles = { {appisdisabled="Disabled"}, {appisdesktop="Desktop"}, {AppOnDesktop="On Desktop"},
    {Encryption="Encryption"}, {EncryptionEnforced="Encryption enforced"}, {AppInStartmenu="In start menu"},
    {PublisherName="Publisher"}, {SSLEnabled="SSL"}, {RemoteAccessEnabled="Remote Access"} }


  if mode == "short" then
    for app_name, AppData in ipairs(appdata) do
      local line = "Application: " .. AppData.FName

      if AppData.AccessList then

        if AppData.AccessList.User then
          line = line .. "; Users: " ..  table.concat(AppData.AccessList.User, ", ")
        end

        if AppData.AccessList.Group then
          line = line .. "; Groups: " .. table.concat(AppData.AccessList.Group, ", ")
        end

        table.insert(result, line)
      end
    end

  else

    for app_name, AppData in ipairs(appdata) do
      local result_part = {}

      result_part.name = "Application: " .. AppData.FName

      local settings = AppData.Settings

      for _, setting_pairs in ipairs(setting_titles) do
        for setting_key, setting_title in pairs(setting_pairs) do
          local setting_value = settings[setting_key] and settings[setting_key] or ""
          table.insert(result_part, setting_title .. ": " .. setting_value )
        end
      end


      if AppData.AccessList then
        if AppData.AccessList.User then
          table.insert(result_part, "Users: " .. table.concat(AppData.AccessList.User, ", ") )
        end

        if AppData.AccessList.Group then
          table.insert(result_part, "Groups: " .. table.concat(AppData.AccessList.Group, ", ") )
        end

        table.insert(result, result_part)
      end

    end

  end

  return result

end


action = function(host,port)

  local response = citrixxml.request_appdata(host, port, {ServerAddress="",attr={addresstype="dot"},DesiredDetails={"all","access-list"} })
  local appdata = citrixxml.parse_appdata_response(response)

  local response = format_output(appdata, (nmap.verbosity() > 1 and "long" or "short"))

  return stdnse.format_output(true, response)

end