Nmap Development mailing list archives
[NSE] New script for PPTP version detection
From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Wed, 14 Nov 2007 10:29:30 -0600
Hello,

The Point-to-Point Tunneling Protocol (PPTP) RFC [1] defines fields in the connection control setup packets for system hostname, vendor name, and firmware version. These seem like interesting things to try and gather, so here's an NSE script that does just that.

Example output:

PORT     STATE SERVICE VERSION
1723/tcp open  pptp    YAMAHA Corporation (Firmware: 32838)
Service Info: Host: RT57i

PORT     STATE SERVICE VERSION
1723/tcp open  pptp    DrayTek (Firmware: 1)
Service Info: Host: Vigor

PORT     STATE SERVICE VERSION
1723/tcp open  pptp    Cisco Systems (Firmware: 4608)
Service Info: Host: main

The script doesn't have any heuristics, which could be useful. For example, Microsoft reports the operating system build number in the firmware field, which could be compared to known values to identify what generation of Windows a particular host is running. If there's interest in such heuristics, I'd be happy to add them as time allows.

Comments, questions, and feedback are very much appreciated!

Thanks,
Thomas

[1] http://www.ietf.org/rfc/rfc2637.txt
Attachment: PPTPversion.nse
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
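The fields the post describes live in the PPTP Start-Control-Connection-Request/Reply messages (RFC 2637 sections 2.1 and 2.2). The following is an added example, in Python rather than NSE Lua and not code from the post or from Nmap, that builds a constructed SCCRP and parses the hostname, vendor string and firmware revision out of it while checking the magic cookie, message type and length; the sample values are taken from the output above and the framing/bearer/channel values are assumed.

```python
import struct

PPTP_MAGIC_COOKIE = 0x1A2B3C4D
PPTP_CONTROL_MESSAGE = 1
CTRL_SCCRQ = 1  # Start-Control-Connection-Request
CTRL_SCCRP = 2  # Start-Control-Connection-Reply

# Fixed, big-endian layout shared by SCCRQ and SCCRP: length, PPTP message
# type, magic cookie, control message type, reserved0, protocol version,
# result code, error code (reserved1 in an SCCRQ), framing capabilities,
# bearer capabilities, maximum channels, firmware revision; then two
# 64-byte NUL-padded strings: host name and vendor string.
_HDR = struct.Struct("!HHIHHHBBIIHH")
SCC_LEN = _HDR.size + 64 + 64  # 28 + 128 = 156 bytes


def _cstr(field: bytes) -> str:
    """Decode a NUL-padded 64-byte field, stopping at the first NUL."""
    return field.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def build_sccrp(hostname: str, vendor: str, firmware: int) -> bytes:
    """Constructed SCCRP as a PPTP server would return it (capabilities assumed)."""
    hdr = _HDR.pack(SCC_LEN, PPTP_CONTROL_MESSAGE, PPTP_MAGIC_COOKIE, CTRL_SCCRP,
                    0, 0x0100, 1, 0, 1, 1, 8, firmware)
    return (hdr + hostname.encode("ascii").ljust(64, b"\x00")
            + vendor.encode("ascii").ljust(64, b"\x00"))


def parse_scc(pkt: bytes) -> dict:
    """Extract hostname, vendor and firmware from an SCCRQ/SCCRP; reject anything else."""
    if len(pkt) < SCC_LEN:
        raise ValueError("packet shorter than a PPTP start-control-connection message")
    (length, msg_type, cookie, ctrl_type, _res0, version, result, error,
     _framing, _bearer, _max_channels, firmware) = _HDR.unpack_from(pkt)
    if msg_type != PPTP_CONTROL_MESSAGE or cookie != PPTP_MAGIC_COOKIE:
        raise ValueError("not a PPTP control message (bad type or magic cookie)")
    if ctrl_type not in (CTRL_SCCRQ, CTRL_SCCRP):
        raise ValueError(f"unexpected control message type {ctrl_type}")
    if length != SCC_LEN:
        raise ValueError(f"bad length field {length}, expected {SCC_LEN}")
    info = {"control_type": ctrl_type, "version": version, "firmware": firmware,
            "hostname": _cstr(pkt[28:92]), "vendor": _cstr(pkt[92:156])}
    if ctrl_type == CTRL_SCCRP:  # result/error codes only exist in the reply
        info["result"], info["error"] = result, error
    return info


if __name__ == "__main__":
    print(parse_scc(build_sccrp("RT57i", "YAMAHA Corporation", 32838)))
```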
Current thread:
- [NSE] New script for PPTP version detection Thomas Buchanan (Nov 14)
- Re: [NSE] New script for PPTP version detection Fyodor (Nov 14)