Citrix scripts

[Patrik Karlsson <patrik () cqure net>]

Hi all,

I have re-worked and documented my Citrix scripts and made some changes and additions. 
The new scripts target the XML Service rather than the ICA Browser and therefore can do more.

As an example the XML versions of the application enumeration script does not only fetch a list of all published 
applications but also the required user or group memberships needed to access them. It will also find applications 
published anonymously. 

The Citrix XML Service usually listens to ports 80, 443 or 8080. It can be identified by the following server header: 
"Citrix Web PN Server". It can also "share ports" with IIS by running as an ISAP filter.

I am attaching a zip file with the lot and a brief explanation of each file. 
Feedback, suggestions and bug reports are most welcome!

The zip contains 6 files:

citrix-enum-apps-xml.nse 
- A script that queries the Citrix XML Service for a list of applications

citrix-enum-apps.nse 
- A script that queries the ICA Browser for a list of applications

citrix-enum-servers-xml.nse 
-A script that queries the Citrix XML Service for a list of Citrix servers

citrix-enum-servers.nse 
- A script that queries the ICA Browser for a list of Citrix servers

citrix-brute-xml.nse 
- A script that attempts to guess usernames and passwords against the Citrix XML service
- It allows you to perform password guessing against the local Windows server or the domain

citrixxml.lua
- The library containing some of the many XML requests and response parsers

Attachment: citrix-nmap-scripts-v0.2.zip
Description:

--
Patrik Karlsson
http://www.cqure.net




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/