Home page logo
/

nmap-dev logo Nmap Development mailing list archives

xmpp.nse
From: Vasiliy Kulikov <segooon () gmail com>
Date: Sun, 17 Apr 2011 20:26:59 +0400

Hi,

I've written a basic version of XMPP server capabilities detection.
Currently it lacks some sanity checks, doesn't process xml quotation and
doesn't connects to the server as a server (only as a client).  Also it
needs more detailed description :)

It tries to query _xmpp-{server,client}._tcp.%s SRV record and to connect
to the specified port.  Then it starts standard xml stream and processes
the answer.  It tries to identify: whether the server supports TLS, what
compression methods the server supports, what auth methods the server
supports.

Possible output:

    Host script results:
    | xmpp: 
    |   s2s: hermes.jabber.org:5269
    |   c2s: hermes.jabber.org:5222
    |   starttls
    |   mechanism: CRAM-MD5
    |   mechanism: LOGIN
    |   mechanism: PLAIN
    |   mechanism: DIGEST-MD5
    |   mechanism: SCRAM-SHA-1
    |_  compression: zlib

I wonder whether it is acceptable to process both DNS and server scan in
a single script.  In case of division into xmpp-dns and xmpp-scan one
has to pass --script-args host=server to the script as the server SRV+A
record might differ from the A record.

Also maybe it worth trying to start SSL negotiation to get server's SSL
sertificate.

Any comments are welcome.

Thanks,

-- 
Vasiliy

Attachment: xmpp.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault