Created
February 4, 2012 10:21
-
-
Save bcoles/1736950 to your computer and use it in GitHub Desktop.
http-3com-nbx-info.nse - Attempts to retrieve device information from a 3COM NBX phone system using the web interface. The web interface (NBX NetSet utility) runs on port 80 by default.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
description = [[ | |
Attempts to retrieve device information from a 3COM NBX phone system using the | |
web interface. The web interface (NBX NetSet utility) runs on port 80 by | |
default. | |
]] | |
--- | |
-- @usage | |
-- nmap --script http-3com-nbx-info -p <port> <host> | |
-- | |
-- @output | |
-- PORT STATE SERVICE REASON | |
-- 80/tcp open http syn-ack | |
-- | http-3com-nbx-info: | |
-- | Model: V3000 | |
-- | Firmware Version: R6_0_63 (Jun 9 2008) | |
-- |_ Supervisory Monitoring: DISABLED | |
-- | |
-- @changelog | |
-- 2012-02-04 - created by Brendan Coles - itsecuritysolutions.org | |
-- | |
author = "Brendan Coles [itsecuritysolutions.org]" | |
license = "Same as Nmap--See http://nmap.org/book/man-legal.html" | |
categories = {"safe", "discovery"} | |
require("url") | |
require("http") | |
require("stdnse") | |
require("shortport") | |
portrule = shortport.port_or_service (80, "http", "tcp") | |
action = function(host, port) | |
local result = {} | |
local path = "/" | |
-- Retrieve login page / | |
stdnse.print_debug(1, ("%s: Connecting to %s:%s"):format(SCRIPT_NAME, host.targetname or host.ip, port.number)) | |
data = http.get(host, port, path) | |
-- Check if the login page exists | |
if not data or not data.status or not data.body or data.body == "" then | |
stdnse.print_debug(1, "%s: Failed to retrieve HTTP content: %s", SCRIPT_NAME, path) | |
return | |
end | |
-- Check if the login page is valid for a 3COM NBX phone | |
stdnse.print_debug(2, "%s: HTTP %s: %s", SCRIPT_NAME, data.status, path) | |
if not string.match(data.body, 'NBX NetSet') then | |
stdnse.print_debug(1, ("%s: %s:%s is not a 3COM NBX phone."):format(SCRIPT_NAME, host.targetname or host.ip, port.number)) | |
return | |
end | |
-- Extract system info | |
stdnse.print_debug(1, "%s: Extracting system info from %s", SCRIPT_NAME, path) | |
-- Model | |
local model = string.match(data.body, '<span class="splashTitlePlatform"> ([^<]+)<\/span>') | |
if model then table.insert(result, string.format("Model: %s", model)) end | |
-- Firmware Version | |
local firmware_version = string.match(data.body, 'Version: ([^<]+)<') | |
local firmware_date = string.match(data.body, 'Created: ([^\r\n]+)') | |
if firmware_version and firmware_date then table.insert(result, string.format("Firmware Version: %s (%s)", firmware_version, firmware_date)) end | |
-- Supervisory Monitoring | |
local supervisory_monitoring = string.match(data.body, 'SUPERVISORY MONITORING IS ([A-Z]+)') | |
if supervisory_monitoring then table.insert(result, string.format("Supervisory Monitoring: %s", supervisory_monitoring)) end | |
-- Return results | |
return stdnse.format_output(true, result) | |
end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment