├── LICENSE.txt
├── README.txt
└── vnc-auth.nse


/LICENSE.txt:
--------------------------------------------------------------------------------
/***************************************************************************
 * COPYING -- Describes the terms under which Nmap is distributed. A copy  *
 * of the GNU GPL is appended to this file.                                *
 *                                                                         *
 ***********************IMPORTANT NMAP LICENSE TERMS************************
 *                                                                         *
 * The Nmap Security Scanner is (C) 1996-2009 Insecure.Com LLC. Nmap is    *
 * also a registered trademark of Insecure.Com LLC. This program is free   *
 * software; you may redistribute and/or modify it under the terms of the  *
 * GNU General Public License as published by the Free Software            *
 * Foundation; Version 2 with the clarifications and exceptions described  *
 * below. This guarantees your right to use, modify, and redistribute      *
 * this software under certain conditions. If you wish to embed Nmap       *
 * technology into proprietary software, we sell alternative licenses      *
 * (contact sales@insecure.com). Dozens of software vendors already        *
 * license Nmap technology such as host discovery, port scanning, OS       *
 * detection, and version detection.                                       *
 *                                                                         *
 * Note that the GPL places important restrictions on "derived works", yet *
 * it does not provide a detailed definition of that term. To avoid        *
 * misunderstandings, we consider an application to constitute a           *
 * "derivative work" for the purpose of this license if it does any of the *
 * following:                                                              *
 * o Integrates source code from Nmap                                      *
 * o Reads or includes Nmap copyrighted data files, such as                *
 *   nmap-os-db or nmap-service-probes.                                    *
 * o Executes Nmap and parses the results (as opposed to typical shell or  *
 *   execution-menu apps, which simply display raw Nmap output and so are  *
 *   not derivative works.)                                                *
 * o Integrates/includes/aggregates Nmap into a proprietary executable     *
 *   installer, such as those produced by InstallShield.                   *
 * o Links to a library or executes a program that does any of the above   *
 *                                                                         *
 * The term "Nmap" should be taken to also include any portions or derived *
 * works of Nmap. This list is not exclusive, but is meant to clarify our  *
 * interpretation of derived works with some common examples. Our          *
 * interpretation applies only to Nmap--we don't speak for other people's  *
 * GPL works.                                                              *
 *                                                                         *
 * If you have any questions about the GPL licensing restrictions on using *
 * Nmap in non-GPL works, we would be happy to help. As mentioned above,   *
 * we also offer alternative license to integrate Nmap into proprietary    *
 * applications and appliances. These contracts have been sold to dozens   *
 * of software vendors, and generally include a perpetual license as well  *
 * as providing for priority support and updates as well as helping to     *
 * fund the continued development of Nmap technology. Please email         *
 * sales@insecure.com for further information.                             *
 *                                                                         *
 * As a special exception to the GPL terms, Insecure.Com LLC grants        *
 * permission to link the code of this program with any version of the     *
 * OpenSSL library which is distributed under a license identical to that  *
 * listed in the included COPYING.OpenSSL file, and distribute linked      *
 * combinations including the two. You must obey the GNU GPL in all        *
 * respects for all of the code used other than OpenSSL. If you modify     *
 * this file, you may extend this exception to your version of the file,   *
 * but you are not obligated to do so.                                     *
 *                                                                         *
 * If you received these files with a written license agreement or         *
 * contract stating terms other than the terms above, then that            *
 * alternative license agreement takes precedence over these comments.     *
 *                                                                         *
 * Source is provided to this software because we believe users have a     *
 * right to know exactly what a program is going to do before they run it. *
 * This also allows you to audit the software for security holes (none     *
 * have been found so far).                                                *
 *                                                                         *
 * Source code also allows you to port Nmap to new platforms, fix bugs,    *
 * and add new features. You are highly encouraged to send your changes    *
 * to nmap-dev@insecure.org for possible incorporation into the main       *
 * distribution. By sending these changes to Fyodor or one of the          *
 * Insecure.Org development mailing lists, it is assumed that you are      *
 * offering the Nmap Project (Insecure.Com LLC) the unlimited,             *
 * non-exclusive right to reuse, modify, and relicense the code. Nmap      *
 * will always be available Open Source, but this is important because the *
 * inability to relicense code has caused devastating problems for other   *
 * Free Software projects (such as KDE and NASM). We also occasionally     *
 * relicense the code to third parties as discussed above. If you wish to  *
 * specify special license conditions of your contributions, just say so   *
 * when you send them.                                                     *
 *                                                                         *
 * This program is distributed in the hope that it will be useful, but     *
 * WITHOUT ANY WARRANTY; without even the implied warranty of              *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU        *
 * General Public License v2.0 for more details at                         *
 * http://www.gnu.org/licenses/gpl-2.0.html , or in the COPYING file       *
 * included with Nmap.                                                     *
 *                                                                         *
 ***************************************************************************/

GNU General Public License

----------------------------------------------------------------------------

Table of Contents

   * GNU GENERAL PUBLIC LICENSE
        o Preamble
        o TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
        o How to Apply These Terms to Your New Programs

----------------------------------------------------------------------------

GNU GENERAL PUBLIC LICENSE

Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to
share and change it. By contrast, the GNU General Public License is intended
to guarantee your freedom to share and change free software--to make sure
the software is free for all its users. This General Public License applies
to most of the Free Software Foundation's software and to any other program
whose authors commit to using it. (Some other Free Software Foundation
software is covered by the GNU Library General Public License instead.) You
can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our
General Public Licenses are designed to make sure that you have the freedom
to distribute copies of free software (and charge for this service if you
wish), that you receive source code or can get it if you want it, that you
can change the software or use pieces of it in new free programs; and that
you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to
deny you these rights or to ask you to surrender the rights. These
restrictions translate to certain responsibilities for you if you distribute
copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether gratis or
for a fee, you must give the recipients all the rights that you have. You
must make sure that they, too, receive or can get the source code. And you
must show them these terms so they know their rights.

We protect your rights with two steps: (1) copyright the software, and (2)
offer you this license which gives you legal permission to copy, distribute
and/or modify the software.

Also, for each author's protection and ours, we want to make certain that
everyone understands that there is no warranty for this free software. If
the software is modified by someone else and passed on, we want its
recipients to know that what they have is not the original, so that any
problems introduced by others will not reflect on the original authors'
reputations.

Finally, any free program is threatened constantly by software patents. We
wish to avoid the danger that redistributors of a free program will
individually obtain patent licenses, in effect making the program
proprietary. To prevent this, we have made it clear that any patent must be
licensed for everyone's free use or not licensed at all.

The precise terms and conditions for copying, distribution and modification
follow.

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License applies to any program or other work which contains a notice
placed by the copyright holder saying it may be distributed under the terms
of this General Public License. The "Program", below, refers to any such
program or work, and a "work based on the Program" means either the Program
or any derivative work under copyright law: that is to say, a work
containing the Program or a portion of it, either verbatim or with
modifications and/or translated into another language. (Hereinafter,
translation is included without limitation in the term "modification".) Each
licensee is addressed as "you".

Activities other than copying, distribution and modification are not covered
by this License; they are outside its scope. The act of running the Program
is not restricted, and the output from the Program is covered only if its
contents constitute a work based on the Program (independent of having been
made by running the Program). Whether that is true depends on what the
Program does.

1. You may copy and distribute verbatim copies of the Program's source code
as you receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice and
disclaimer of warranty; keep intact all the notices that refer to this
License and to the absence of any warranty; and give any other recipients of
the Program a copy of this License along with the Program.

You may charge a fee for the physical act of transferring a copy, and you
may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion of it,
thus forming a work based on the Program, and copy and distribute such
modifications or work under the terms of Section 1 above, provided that you
also meet all of these conditions:

   * a) You must cause the modified files to carry prominent notices stating
     that you changed the files and the date of any change.

   * b) You must cause any work that you distribute or publish, that in
     whole or in part contains or is derived from the Program or any part
     thereof, to be licensed as a whole at no charge to all third parties
     under the terms of this License.

   * c) If the modified program normally reads commands interactively when
     run, you must cause it, when started running for such interactive use
     in the most ordinary way, to print or display an announcement including
     an appropriate copyright notice and a notice that there is no warranty
     (or else, saying that you provide a warranty) and that users may
     redistribute the program under these conditions, and telling the user
     how to view a copy of this License. (Exception: if the Program itself
     is interactive but does not normally print such an announcement, your
     work based on the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If identifiable
sections of that work are not derived from the Program, and can be
reasonably considered independent and separate works in themselves, then
this License, and its terms, do not apply to those sections when you
distribute them as separate works. But when you distribute the same sections
as part of a whole which is a work based on the Program, the distribution of
the whole must be on the terms of this License, whose permissions for other
licensees extend to the entire whole, and thus to each and every part
regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest your
rights to work written entirely by you; rather, the intent is to exercise
the right to control the distribution of derivative or collective works
based on the Program.

In addition, mere aggregation of another work not based on the Program with
the Program (or with a work based on the Program) on a volume of a storage
or distribution medium does not bring the other work under the scope of this
License.

3. You may copy and distribute the Program (or a work based on it, under
Section 2) in object code or executable form under the terms of Sections 1
and 2 above provided that you also do one of the following:

   * a) Accompany it with the complete corresponding machine-readable source
     code, which must be distributed under the terms of Sections 1 and 2
     above on a medium customarily used for software interchange; or,

   * b) Accompany it with a written offer, valid for at least three years,
     to give any third party, for a charge no more than your cost of
     physically performing source distribution, a complete machine-readable
     copy of the corresponding source code, to be distributed under the
     terms of Sections 1 and 2 above on a medium customarily used for
     software interchange; or,

   * c) Accompany it with the information you received as to the offer to
     distribute corresponding source code. (This alternative is allowed only
     for noncommercial distribution and only if you received the program in
     object code or executable form with such an offer, in accord with
     Subsection b above.)

The source code for a work means the preferred form of the work for making
modifications to it. For an executable work, complete source code means all
the source code for all modules it contains, plus any associated interface
definition files, plus the scripts used to control compilation and
installation of the executable. However, as a special exception, the source
code distributed need not include anything that is normally distributed (in
either source or binary form) with the major components (compiler, kernel,
and so on) of the operating system on which the executable runs, unless that
component itself accompanies the executable.

If distribution of executable or object code is made by offering access to
copy from a designated place, then offering equivalent access to copy the
source code from the same place counts as distribution of the source code,
even though third parties are not compelled to copy the source along with
the object code.

4. You may not copy, modify, sublicense, or distribute the Program except as
expressly provided under this License. Any attempt otherwise to copy,
modify, sublicense or distribute the Program is void, and will automatically
terminate your rights under this License. However, parties who have received
copies, or rights, from you under this License will not have their licenses
terminated so long as such parties remain in full compliance.

5. You are not required to accept this License, since you have not signed
it. However, nothing else grants you permission to modify or distribute the
Program or its derivative works. These actions are prohibited by law if you
do not accept this License. Therefore, by modifying or distributing the
Program (or any work based on the Program), you indicate your acceptance of
this License to do so, and all its terms and conditions for copying,
distributing or modifying the Program or works based on it.

6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the original
licensor to copy, distribute or modify the Program subject to these terms
and conditions. You may not impose any further restrictions on the
recipients' exercise of the rights granted herein. You are not responsible
for enforcing compliance by third parties to this License.

7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot distribute so
as to satisfy simultaneously your obligations under this License and any
other pertinent obligations, then as a consequence you may not distribute
the Program at all. For example, if a patent license would not permit
royalty-free redistribution of the Program by all those who receive copies
directly or indirectly through you, then the only way you could satisfy both
it and this License would be to refrain entirely from distribution of the
Program.

If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply and
the section as a whole is intended to apply in other circumstances.

It is not the purpose of this section to induce you to infringe any patents
or other property right claims or to contest validity of any such claims;
this section has the sole purpose of protecting the integrity of the free
software distribution system, which is implemented by public license
practices. Many people have made generous contributions to the wide range of
software distributed through that system in reliance on consistent
application of that system; it is up to the author/donor to decide if he or
she is willing to distribute software through any other system and a
licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a
consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in certain
countries either by patents or by copyrighted interfaces, the original
copyright holder who places the Program under this License may add an
explicit geographical distribution limitation excluding those countries, so
that distribution is permitted only in or among countries not thus excluded.
In such case, this License incorporates the limitation as if written in the
body of this License.

9. The Free Software Foundation may publish revised and/or new versions of
the General Public License from time to time. Such new versions will be
similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.

10. If you wish to incorporate parts of the Program into other free programs
whose distribution conditions are different, write to the author to ask for
permission. For software which is copyrighted by the Free Software
Foundation, write to the Free Software Foundation; we sometimes make
exceptions for this. Our decision will be guided by the two goals of
preserving the free status of all derivatives of our free software and of
promoting the sharing and reuse of software generally.

NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR
THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO
THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM
PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO
LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR
THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest possible
use to the public, the best way to achieve this is to make it free software
which everyone can redistribute and change under these terms.

To do so, attach the following notices to the program. It is safest to
attach them to the start of each source file to most effectively convey the
exclusion of warranty; and each file should have at least the "copyright"
line and a pointer to where the full notice is found.

    one line to give the program's name and an idea of what it does.
    Copyright (C) 19yy name of author

    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public License
    as published by the Free Software Foundation; either version 2
    of the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

Also add information on how to contact you by electronic and paper mail.

If the program is interactive, make it output a short notice like this when
it starts in an interactive mode:

    Gnomovision version 69, Copyright (C) 19yy name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details
    type `show w'. This is free software, and you are welcome
    to redistribute it under certain conditions; type `show c'
    for details.

The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may be
called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary.
Here is a sample; alter the names:

    Yoyodyne, Inc., hereby disclaims all copyright
    interest in the program `Gnomovision'
    (which makes passes at compilers) written
    by James Hacker.

    signature of Ty Coon, 1 April 1989
    Ty Coon, President of Vice

This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General Public
License instead of this License.

--------------------------------------------------------------------------------
/README.txt:
--------------------------------------------------------------------------------
Nmap VNC Authentication Scanner
Steve Ocepek
socepek@trustwave.com

INTRODUCTION
============

Use this Nmap script to quickly determine the types of authentication supported
by each targeted VNC server. Particularly useful when probing large environments
for servers that do not require authentication.

Features include:

- Exceptional speed, thanks to the Nmap Scripting Engine.
- Support for all official authentication types
- Support for both 3.3 and 3.8+ protocol versions
- Runs wherever Nmap can run (Windows, Mac, Linux, BSD, etc)

INSTALLATION
============

Simply copy the file to your local Nmap scripts directory, or the local
directory from which Nmap is being executed. An example, though this path
will vary between operating systems and distributions:

    /usr/local/share/nmap/scripts/

USAGE
=====

Call the script using the --script Nmap argument.

Example:

    nmap -P0 --script=vnc-auth.nse -p 5900 192.168.2.166

Each discovered VNC server will be listed with its supported security type(s):

    Starting Nmap 5.00 ( http://nmap.org ) at 2009-10-28 13:32 EDT
    Interesting ports on 192.168.2.166:
    PORT     STATE SERVICE
    5900/tcp open  vnc
    |_ vnc-auth: RFB 003.008, Security Types: 02(VNC Authentication)

    Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

COPYRIGHT
=========

vnc-auth.nse - A VNC authentication scanner for Nmap
Created by Steve Ocepek
Copyright (C) 2009, 2010 Trustwave Holdings, Inc.

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

--------------------------------------------------------------------------------
/vnc-auth.nse:
--------------------------------------------------------------------------------
description = [[
Enumerates supported security types on each discovered VNC server.
]]
author = "Steve Ocepek"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

categories = {"auth"}

--Bind each library to a local: newer NSE releases do not export them as globals
local nmap = require "nmap"
local shortport = require "shortport"
local string = require "string"

portrule = shortport.port_or_service(5900, "vnc")

action = function(host, port)
  local socket = nmap.new_socket()
  local result
  local status = true
  local mode
  local version
  local text

  --Table from RFB Protocol Spec
  local sectype = {}
  sectype[1] = "None"
  sectype[2] = "VNC Authentication"
  sectype[5] = "RA2"
  sectype[6] = "RA2ne"
  sectype[16] = "Tight"
  sectype[17] = "Ultra"
  sectype[18] = "TLS"
  sectype[19] = "VeNCrypt"
  sectype[20] = "GTK-VNC SASL"
  sectype[21] = "MD5 hash authentication"

  status, result = socket:connect(host.ip, port.number, port.protocol)
  if (not status) then
    socket:close()
    return "Error connecting to VNC server"
  end

  --The server speaks first: a 12-byte ProtocolVersion such as "RFB 003.008\n"
  status, result = socket:receive_bytes(12)
  if (status) then
    --String minus newline
    version = string.sub(result, 1, -2)
    if (version == "RFB 003.003") then
      --This one is special, it doesn't have a "number of security types" field
      mode = 1
    elseif (string.sub(version, 1, 3) == "RFB") then
      --Otherwise it's 3.7 or newer
      mode = 2
    else
      --Something's wrong
      socket:close()
      return "No RFB protocol detected"
    end

    --Send whatever version it is back as client supported
    socket:send(result)
    if (mode == 1) then
      --RFB 3.3: the server picks one type and sends it as a 4-byte big-endian integer
      status, result = socket:receive_bytes(4)
      socket:close()
      --Use string.sub to grab first 4
      --receive_bytes grabs AT LEAST number specified, more present if auth req'd
      if (status and string.sub(result, 1, 4) == "\000\000\000\001") then
        text = version .. ", Security Types: 01(None)"
        return text
      elseif (status and string.sub(result, 1, 4) == "\000\000\000\002") then
        text = version .. ", Security Types: 02(VNC Authentication)"
        return text
      else
        --On a failed read, result holds the socket error string
        text = "Handshake Error: " .. version .. ": " .. result
        return text
      end
    else
      --RFB 3.7+ uses number-of-security-types byte
      status, result = socket:receive_bytes(2)
      if (status) then
        local sectypes = string.byte(result, 1)
        if (sectypes == 0) then
          --Zero types means the server refused the connection; a reason string follows
          socket:close()
          return version .. ", Security Types: none offered (server refused the connection)"
        end
        --receive_bytes only guarantees 2 bytes; keep reading until the whole list is in
        while (#result < sectypes + 1) do
          local more
          status, more = socket:receive_bytes(sectypes + 1 - #result)
          if (not status) then
            socket:close()
            return "Handshake Error: " .. version .. ": " .. more
          end
          result = result .. more
        end
        text = version .. ", Security Types: "
        for i=1, sectypes do
          local sec = string.byte(result, i+1)
          --Type numbers are printed in hex, so 16 (Tight) shows as 10
          text = text .. string.format("%02X",sec) .. "(" .. (sectype[sec] or "Unknown") .. "), "
        end
        socket:close()
        --Drop the trailing ", "
        local rtext = string.sub(text,1,-3)
        return rtext
      else
        socket:close()
        text = "Handshake Error: " .. version .. ": " .. result
        return text
      end
    end

  else
    socket:close()
    return "Error connecting to VNC server"
  end
end

--------------------------------------------------------------------------------
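
Triage of the script's results across many hosts, as an added example that is not part of the original repository: the parser below reads Nmap normal output containing `vnc-auth` lines in the format shown in the README and lists the servers that offer security type 01 (None). It also accepts the `Nmap scan report for` host header printed by later Nmap releases, which goes beyond the README's sample; the function names, the sample report and its 192.0.2.x addresses are constructed for illustration.

```python
import re

# Host header: "Interesting ports on <host>:" (Nmap 5.00, as in the README) or
# "Nmap scan report for <host>" (later releases).
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (.+?):?\s*$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\b")
# Script output line: "|_ vnc-auth: ...", "|_vnc-auth: ..." or "| vnc-auth: ..."
SCRIPT_RE = re.compile(r"^\|[_ ]?\s*vnc-auth:\s*(.*)$")
RESULT_RE = re.compile(r"^RFB (\d{3})\.(\d{3}), Security Types: (.*)$")
# The script prints each type as two hex digits followed by its name in parentheses.
TYPE_RE = re.compile(r"([0-9A-F]{2})\(([^)]*)\)")

# Constructed sample report (documentation addresses, not real scan data).
SAMPLE_REPORT = """\
Interesting ports on 192.0.2.10:
PORT     STATE SERVICE
5900/tcp open  vnc
|_ vnc-auth: RFB 003.008, Security Types: 02(VNC Authentication)

Interesting ports on 192.0.2.11:
PORT     STATE SERVICE
5900/tcp open  vnc
|_ vnc-auth: RFB 003.008, Security Types: 01(None), 02(VNC Authentication), 10(Tight)

Nmap scan report for 192.0.2.12
PORT     STATE SERVICE
5900/tcp open  vnc
|_vnc-auth: RFB 003.003, Security Types: 01(None)

Interesting ports on 192.0.2.13:
PORT     STATE SERVICE
5900/tcp open  vnc
|_ vnc-auth: No RFB protocol detected
"""


def parse_vnc_auth(report):
    """Return one dict per vnc-auth result line found in Nmap normal output."""
    findings = []
    host = port = None
    for raw in report.splitlines():
        line = raw.rstrip()
        m = HOST_RE.match(line)
        if m:
            host, port = m.group(1), None
            continue
        m = PORT_RE.match(line)
        if m:
            port = int(m.group(1))
            continue
        m = SCRIPT_RE.match(line)
        if not m:
            continue
        body = m.group(1).strip()
        entry = {"host": host, "port": port, "version": None,
                 "types": [], "no_auth": False, "error": None}
        r = RESULT_RE.match(body)
        if r:
            entry["version"] = "%d.%d" % (int(r.group(1)), int(r.group(2)))
            # Codes are hexadecimal in the script's output: "10" is type 16 (Tight).
            entry["types"] = [(int(code, 16), name)
                              for code, name in TYPE_RE.findall(r.group(3))]
            entry["no_auth"] = any(code == 1 for code, _ in entry["types"])
        else:
            # "No RFB protocol detected", "Handshake Error: ..." and similar.
            entry["error"] = body
        findings.append(entry)
    return findings


def unauthenticated(findings):
    """Sorted (host, port) pairs of servers that offer security type 1 (None)."""
    return sorted({(f["host"], f["port"]) for f in findings if f["no_auth"]})


if __name__ == "__main__":
    for host, port in unauthenticated(parse_vnc_auth(SAMPLE_REPORT)):
        print("%s:%d accepts connections without authentication" % (host, port))
```
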