1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
local shortport = require "shortport"
local socks = require "socks"
local table = require "table"
description = [[
Determines the supported authentication mechanisms of a remote SOCKS
proxy server. Starting with SOCKS version 5 socks servers may support
authentication. The script checks for the following authentication
types:
0 - No authentication
1 - GSSAPI
2 - Username and password
]]
---
-- @usage
-- nmap -p 1080 <ip> --script socks-auth-info
--
-- @output
-- PORT STATE SERVICE
-- 1080/tcp open socks
-- | socks-auth-info:
-- | No authentication
-- |_ Username and password
--
-- @xmloutput
-- <table>
-- <elem key="method">0</elem>
-- <elem key="name">No authentication</elem>
-- </table>
-- <table>
-- <elem key="method">2</elem>
-- <elem key="name">Username and password</elem>
-- </table>
author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe", "default"}
portrule = shortport.port_or_service({1080, 9050}, {"socks", "socks5", "tor-socks"})
action = function(host, port)
local helper = socks.Helper:new(host, port)
local auth_methods = {}
-- iterate over all authentication methods as the server only responds with
-- a single supported one if we send a list.
local mt = { __tostring = function(t) return t.name end }
for _, method in pairs(socks.AuthMethod) do
local status, response = helper:connect( method )
if ( status ) then
local out = {
method = response.method,
name = helper:authNameByNumber(response.method)
}
setmetatable(out, mt)
table.insert(auth_methods, out)
end
end
helper:close()
if ( 0 == #auth_methods ) then return end
return auth_methods
end
|
