Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] amqp-info script

From: Toni Ruottu <toni.ruottu () iki fi>
Date: Tue, 27 Sep 2011 15:40:16 +0300
Has anyone looked at this? Seems useful. Should we add it to svn?
On 5 May 2011 17:22, "Sebastian Dragomir" <velorien () gmail com> wrote:

Hi,
I've added version reporting as you suggested.
If -sV is used, output looks like this:

PORT STATE SERVICE VERSION
5672/tcp open amqp RabbitMQ 2.4.0 (0-9)

PORT STATE SERVICE VERSION
5672/tcp open amqp RabbitMQ 1.7.2 (0-8)

Thanks,
Sebastian

On Wed, May 4, 2011 at 10:30 PM, Toni Ruottu <toni.ruottu () iki fi> wrote:


Nice to see some work on amqp. I think you should use
nmap.set_port_version to report the software version details where you
can. See netbus-version.nse for an example on doing that.

On Wed, May 4, 2011 at 8:01 PM, Sebastian Dragomir <velorien () gmail com>
wrote:

Hi all,
I wrote a script for detecting an AMQP server's properties. It

currently

supports 0-8, 0-9, 0-9-1 versions.
For 0-9+ it will also fetch the server's capabilities from the
server-properties field.
The library I wrote for it only supports the most basic handshake
functionality for AMQP, but I thought it wouldn't hurt to refactor it

like

that.

To test the script:
sudo apt-get install rabbitmq-server
nmap --script amqp-info -p5672 127.0.0.1

Sample output:
PORT STATE SERVICE
5672/tcp open amqp
| amqp-info:
| capabilities:
| publisher_confirms: YES
| exchange_exchange_bindings: YES
| basic.nack: YES
| consumer_cancel_notify: YES
| copyright: Copyright (C) 2007-2011 VMware, Inc.
| information: Licensed under the MPL. See http://www.rabbitmq.com/
| platform: Erlang/OTP
| product: RabbitMQ
| version: 2.4.0
| mechanisms: PLAIN AMQPLAIN
|_ locales: en_US

amqp.version can be passed as argument to indicate one of 0-8, 0-9 or

0-9-1,

but the script is still capable of guessing the version from the

server's

response.

All comments are welcome.

Cheers,
Sebastian

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: