| Server IP : 80.87.202.40 / Your IP : 216.73.216.169 Web Server : Apache System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64 User : bitrix ( 600) PHP Version : 8.2.27 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /usr/share/nmap/scripts/ |
Upload File : |
local coap = require "coap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local stringaux = require "stringaux"
local table = require "table"
description = [[
Dumps list of available resources from CoAP endpoints.
This script establishes a connection to a CoAP endpoint and performs a
GET request on a resource. The default resource for our request is
<code>/.well-known/core</core>, which should contain a list of
resources provided by the endpoint.
For additional information:
* https://en.wikipedia.org/wiki/Constrained_Application_Protocol
* https://tools.ietf.org/html/rfc7252
* https://tools.ietf.org/html/rfc6690
]]
---
-- @usage nmap -p U:5683 -sU --script coap-resources <target>
--
-- @output
-- PORT STATE SERVICE REASON
-- 5683/udp open coap udp-response ttl 36
-- | coap-resources:
-- | /large:
-- | rt: block
-- | sz: 1280
-- | title: Large resource
-- | /large-update:
-- | ct: 0
-- | rt: block
-- | sz: 55
-- | title: Large resource that can be updated using PUT method
-- | /link1:
-- | if: If1
-- | rt: Type1 Type2
-- |_ title: Link test resource
--
-- @args coap-resources.uri URI to request via the GET method,
-- <code>/.well-known/core</code> by default.
--
-- @xmloutput
-- <table key="/">
-- <elem key="ct">0</elem>
-- <elem key="title">General Info</elem>
-- </table>
-- <table key="/ft">
-- <elem key="ct">0</elem>
-- <elem key="title">Faults Reporting</elem>
-- </table>
-- <table key="/mn">
-- <elem key="ct">0</elem>
-- <elem key="title">Monitor Reporting</elem>
-- </table>
-- <table key="/st">
-- <elem key="ct">0</elem>
-- <elem key="title">Status Reporting</elem>
-- </table>
-- <table key="/time">
-- <elem key="ct">0</elem>
-- <elem key="obs,</devices/block>;title">Devices Block</elem>
-- <elem key="title">Internal Clock</elem>
-- </table>
-- <table key="/wn">
-- <elem key="ct">0</elem>
-- <elem key="title">Warnings Reporting</elem>
-- </table>
author = "Mak Kolybabi <mak@kolybabi.com>"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}
-- TODO: Add 5684 "coaps" if DTLS support is added
portrule = shortport.port_or_service(5683, "coap", "udp")
format_payload = function(payload)
-- Leave strings alone.
if type(payload) == "string" then
return payload
end
local tbl = stdnse.output_table()
-- We want to go through all of the links in alphabetical order.
table.sort(payload, function(a,b) return a.name < b.name end)
for _, link in ipairs(payload) do
-- We want to go through all of the parameters in alphabetical
-- order.
table.sort(link.parameters, function(a,b) return a.name < b.name end)
local row = stdnse.output_table()
for _, param in ipairs(link.parameters) do
row[param.name] = param.value
end
tbl[link.name] = row
end
return tbl
end
get_blocks = function(helper, options, b2opt, payload, max_reqs)
-- Initialize the block table to store all of our received blocks.
local blocks = {}
blocks[b2opt.number] = payload
-- If we don't know the number of the last block, we'll need to use
-- the largest number we've seen as the maxumum.
local max = b2opt.number
-- If the first block we received happens to be the last one, either
-- by being a one-block sequence or by the endpoint sending us the
-- last block in the sequence first, we want to record the final
-- number in the sequence.
local last = nil
if b2opt.more == false then
last = b2opt.number
max = b2opt.number
end
-- We'll continue to request blocks that are the same size as the
-- original block, since the endpoint likely prefers that.
local length = b2opt.length
-- We want to track the number of requests we make so that a
-- malicious endpoint can't keep us on the hook forever.
for req = 1, max_reqs do
-- Determine if there are any blocks in the sequence that we have
-- not yet received.
local top = max + 1
if last then
top = last
end
local num = top
for i = 0, top do
if not blocks[i] then
num = i
break
end
end
-- If the block we think we're missing is at the end of the
-- sequence, we've got them all.
if last and num >= last then
stdnse.debug3("All %d blocks have been retrieved.", last)
break
end
-- Create the request.
local opts = {
["code"] = "get",
["type"] = "confirmable",
["options"] = {
{["name"] = "block2", ["value"] = {
["number"] = num,
["more"] = false,
["length"] = length
}}
}
}
local components = stringaux.strsplit("/", options.uri)
for _, component in ipairs(components) do
if component ~= "" then
table.insert(opts.options, {["name"] = "uri_path", ["value"] = component})
end
end
-- Send the request and receive the response.
stdnse.debug3("Requesting block %d of size %d.", num, length)
local status, response = helper:request(opts)
if not status then
return false, response
end
if not response.payload then
return false, "Response did not contain a payload."
end
-- Check for the presence of the block2 option, and if it's
-- missing then we're going to stop.
b2opt = coap.COAP.header.find_option(response, "block2")
if not b2opt then
stdnse.debug1("Stopped requesting more blocks, response found without block2 option.")
break
end
stdnse.debug3("Received block %d of size %d.", b2opt.number, b2opt.length)
blocks[b2opt.number] = response.payload
if b2opt.more == false then
stdnse.debug3("Block %d indicates it is the end of the sequence.", b2opt.number, b2opt.length)
last = b2opt.number
max = b2opt.number
elseif b2opt.number > max then
max = b2opt.number
end
end
-- Reassemble payload, handling potentially missing blocks.
local result = ""
for i = 1, max do
if not blocks[i] then
stdnse.debug3("Block %d is missing, replacing with dummy data.", i)
result = result .. ("<! missing block %d!>"):format(i)
else
result = result .. blocks[i]
end
end
return true, result
end
local function parse_args ()
local args = {}
local uri = stdnse.get_script_args(SCRIPT_NAME .. '.uri')
if not uri then
uri = "/.well-known/core"
end
args.uri = uri
return true, args
end
action = function(host, port)
local output = stdnse.output_table()
-- Parse and sanity check the command line arguments.
local status, options = parse_args()
if not status then
output.ERROR = options
return output, output.ERROR
end
-- Create an instance of the CoAP library's client object.
local helper = coap.Helper:new(host, port)
-- Connect to the CoAP endpoint.
local status, response = helper:connect({["uri"] = options.uri})
if not status then
-- Erros at this stage indicate we're probably not talking to a CoAP server,
-- so we exit silently.
return nil
end
-- Check that the response is a 2.05, otherwise we don't know how to
-- continue.
if response.code ~= "content" then
-- If the port runs an echo service, we'll see an unexpected 'get' code.
if response.code == "get" then
-- Exit silently, this has all been a mistake.
return nil
end
-- If the requested resource wasn't found, that's okay.
if response.code == "not_found" then
stdnse.debug1("The target reports that the resource '%s' was not found.", options.uri)
return nil
end
-- Otherwise, we assume that we're getting a legitimate CoAP response.
output.ERROR = ("Server responded with '%s' code where 'content' was expected."):format(response.code)
return output, output.ERROR
end
local result = response.payload
if not result then
output.ERROR = "Payload for initial response was not part of the packet."
return output, output.ERROR
end
-- Check for the presence of the block2 option, which indicates that
-- we'll need to perform more requests.
local b2opt = coap.COAP.header.find_option(response, "block2")
if b2opt then
-- Since the block2 option was used, the payload should be an unparsed string.
assert(type(result) == "string")
local status, payload = get_blocks(helper, options, b2opt, result, 64)
if not status then
output.ERROR = result
return output, output.ERROR
end
result = result .. payload
-- Parse the payload.
local status, parsed = coap.COAP.payload.parse(response, result)
if not status then
stdnse.debug1("Failed to parse payload: %s", parsed)
stdnse.debug1("Falling back to returning raw payload as last resort.")
output["Raw CoAP response"] = result
return output, stdnse.format_output(true, output)
end
result = parsed
end
-- Regardless of whether the block2 option was used, we should now have a
-- parsed payload in some format or another. For now, they should all be
-- strings or tables.
assert(type(result) == "string" or type(result) == "table")
-- If the payload has been parsed, and we requested the default
-- resource, then we know how to format it nicely.
local formatted = result
if true then
formatted = format_payload(result)
end
return formatted
end