Server : Apache/2.4.18 (Ubuntu) System : Linux canvaswebdesign 3.13.0-71-generic #114-Ubuntu SMP Tue Dec 1 02:34:22 UTC 2015 x86_64 User : oppastar ( 1041) PHP Version : 7.0.33-0ubuntu0.16.04.15 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, Directory : /usr/share/nmap/scripts/ |
Upload File : |
-- mcafee-epo-agent.nse V0.0.2, checks if ePO agent is running -- Developed by Didier Stevens and Daniel Miller -- Use at your own risk -- -- History: -- 2012/05/31: Start -- 2012/06/01: extracting data from XML; tested with ePO 4.5 and 4.6 -- 2012/06/05: V0.0.2 conversion to version script by Daniel Miller -- 2012/06/20: new portrule by Daniel Miller description = [[ Check if ePO agent is running on port 8081 or port identified as ePO Agent port. ]] --- -- @output -- PORT STATE SERVICE VERSION -- 8081/tcp open http McAfee ePolicy Orchestrator Agent 4.5.0.1852 (ePOServerName: EPOSERVER, AgentGuid: D2E157F4-B917-4D31-BEF0-32074BADF081) -- Service Info: Host: TESTSERVER author = "Didier Stevens, Daniel Miller" license = "Same as Nmap--See https://nmap.org/book/man-legal.html" categories = {"version", "safe"} local http = require "http" local nmap = require "nmap" local stdnse = require "stdnse" local string = require "string" portrule = function(host, port) if port.version ~= nil and port.version.product ~= nil then return ((port.version.product:find("[eE][pP]olicy Orch") or port.version.product:find("[eE]PO [aA]gent")) and nmap.version_intensity() >= 7) else return ((port.number == 8081 and port.protocol == "tcp") and nmap.version_intensity() >= 7) end end function ExtractXMLElement(xmlContent, elementName) return xmlContent:match("<" .. elementName .. ">([^<]*)</" .. elementName .. ">") end action = function(host, port) local options, data, epoServerName, agentGUID -- Change User-Agent string to MSIE so that the ePO agent will reply with XML options = {header={}} options['header']['User-Agent'] = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; mcafee-epo-agent)" data = http.get(host, port, '/', options) if data.body then stdnse.debug2("data.body:sub = %s", data.body:sub(1, 80)) if data.body:match('^<%?xml .*%?>%s*<naLog>') then port.version.hostname = ExtractXMLElement(data.body, "ComputerName") epoServerName = ExtractXMLElement(data.body, "ePOServerName") or "" port.version.version = ExtractXMLElement(data.body, "version") or "" agentGUID = ExtractXMLElement(data.body, "AgentGUID") or "" port.version.name = 'http' port.version.product = 'McAfee ePolicy Orchestrator Agent' port.version.extrainfo = string.format('ePOServerName: %s, AgentGuid: %s', epoServerName, agentGUID) nmap.set_port_version(host, port) return nil end end if nmap.verbosity() > 1 then return "ePO Agent not found" else return nil end end