Nmap eigenes Script Beispiele: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 35: | Zeile 35: | ||
Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds | Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds | ||
| + | </pre> | ||
| + | =Checkmk Agent unverschlüsselt= | ||
| + | ==Skript== | ||
| + | *vi checkmk-plain.nse | ||
| + | <pre> | ||
| + | description = [[ | ||
| + | Checks if an unencrypted Checkmk Agent is responding on port 6556. | ||
| + | If the header <<<check_mk>>> is found, it is considered a potential information disclosure vulnerability. | ||
| + | ]] | ||
| + | |||
| + | author = "Thomas" | ||
| + | license = "Same as Nmap--See https://nmap.org/book/man-legal.html" | ||
| + | categories = {"default", "discovery", "vuln"} | ||
| + | |||
| + | portrule = function(host, port) | ||
| + | return port.number == 6556 and port.protocol == "tcp" | ||
| + | end | ||
| + | |||
| + | action = function(host, port) | ||
| + | local socket = nmap.new_socket() | ||
| + | socket:set_timeout(3000) | ||
| + | local status, err = socket:connect(host.ip, port.number) | ||
| + | if not status then | ||
| + | return "Connection failed: " .. err | ||
| + | end | ||
| + | |||
| + | local data | ||
| + | status, data = socket:receive_lines(1) | ||
| + | socket:close() | ||
| + | |||
| + | if status and data and data:find("<<<check_mk>>>") then | ||
| + | return "Unencrypted Checkmk Agent detected - potential information disclosure!" | ||
| + | end | ||
| + | end | ||
</pre> | </pre> | ||
Version vom 10. August 2025, 12:25 Uhr
Echt Koelnisch Wasser
Skript
- vi echtkoelnisch.nse
description = [[
Prüft, ob Port 4711 offen ist, und gibt eine Nachricht aus:
"Dies riecht nach Echt Kölnisch Wasser".
]]
author = "Thomas"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery"}
portrule = function(host, port)
return port.number == 4711 and port.protocol == "tcp"
end
action = function(host, port)
if port.state == "open" then
return "Port 4711 offen. Dies riecht nach Echt Koelnisch Wasser!"
end
end
Aufruf
- nmap --script ./echtkoelnisch.nse -p 4711 10.0.10.104
Starting Nmap 7.95 ( https://nmap.org ) at 2025-08-10 14:14 CEST Nmap scan report for opfer.secure.local (10.0.10.104) Host is up (0.00093s latency). PORT STATE SERVICE 4711/tcp open trinity-dist |_echtkoelnisch: Port 4711 offen. Dies riecht nach Echt Koelnisch Wasser! MAC Address: 08:00:27:70:6B:BA (PCS Systemtechnik/Oracle VirtualBox virtual NIC) Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds
Checkmk Agent unverschlüsselt
Skript
- vi checkmk-plain.nse
description = [[
Checks if an unencrypted Checkmk Agent is responding on port 6556.
If the header <<<check_mk>>> is found, it is considered a potential information disclosure vulnerability.
]]
author = "Thomas"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "vuln"}
portrule = function(host, port)
return port.number == 6556 and port.protocol == "tcp"
end
action = function(host, port)
local socket = nmap.new_socket()
socket:set_timeout(3000)
local status, err = socket:connect(host.ip, port.number)
if not status then
return "Connection failed: " .. err
end
local data
status, data = socket:receive_lines(1)
socket:close()
if status and data and data:find("<<<check_mk>>>") then
return "Unencrypted Checkmk Agent detected - potential information disclosure!"
end
end