Nmap Development mailing list archives

Re: DAAP script

From: David Fifield <david () bamsoftware com>
Date: Mon, 25 Jan 2010 16:23:38 -0700

On Sat, Jan 23, 2010 at 11:28:20AM +0100, Patrik Karlsson wrote:


On 23 jan 2010, at 03.24, David Fifield wrote:

On Mon, Jan 18, 2010 at 10:20:22PM +0100, Patrik Karlsson wrote:

I have created a DAAP script called daap-get-library. It attempts to
enumerate the library name, artists, albums and songs from a DAAP
server. Unfortunately it doesn't work with Apples iTunes post 7.0 due
to DAAP authentication [1], but I've successfully tested it against
the Firefly Media Server.


I'm not able to test this but I like the idea. As with your mysql
scripts, you should use shortport.port_or_service in the portrule.

Ok, this is changed in the latest version of the script.

How big can the output of the script be? If someone has 10,000 songs in
their library, does it try to get all of them?


Yes, unfortunately it does, what was I thinking? I've capped the output to 100 now or to any other value set in the 
daap_item_limit script argument. However, the script will still receive all 10,000 songs (I think) but will stop 
processing them once the limit has been reached. If a limit was set, output will reflect this by setting the last 
line of the results to: Output limited to 100 items


What documentation did you consult in writing the script? Your comments
are good but it would be good to know more about the magic identifiers
like miid and musr.


I've added a link to the documentation [1]. The link is something a grabbed from a Google search, but obviously not 
an official protocol spec from the vendor. That said it seemed accurate enough.

I've posted a new version on my blog which I'm also attaching to this e-mail:


Looks good. I would change just one thing:

portrule = shortport.port_or_service(3689, "rendezvous")

"rendezvous" should be "daap" because that's the name used in
nmap-service-probes. After that you can commit this script.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

DAAP script Patrik Karlsson (Jan 18)
- Re: DAAP script David Fifield (Jan 22)
  - Re: DAAP script Patrik Karlsson (Jan 23)
    - Re: DAAP script David Fifield (Jan 25)
- Re: DAAP script Brandon Enright (Jan 22)
  - Re: DAAP script Patrik Karlsson (Jan 23)
    - Re: DAAP script Brandon Enright (Jan 23)