local shortport = require "shortport" local socks = require "socks" local stdnse = require "stdnse" local table = require "table" description = [[ Determines the supported authentication mechanisms of a remote SOCKS proxy server. Starting with SOCKS version 5 socks servers may support authentication. The script checks for the following authentication types: 0 - No authentication 1 - GSSAPI 2 - Username and password ]] --- -- @usage -- nmap -p 1080 --script socks-auth-info -- -- @output -- PORT STATE SERVICE -- 1080/tcp open socks -- | socks-auth-info: -- | No authentication -- |_ Username and password -- -- @xmloutput -- -- 0 -- No authentication --
-- -- 2 -- Username and password --
author = "Patrik Karlsson" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = {"discovery", "safe", "default"} portrule = shortport.port_or_service({1080, 9050}, {"socks", "socks5", "tor-socks"}) action = function(host, port) local helper = socks.Helper:new(host, port) local auth_methods = {} -- iterate over all authentication methods as the server only responds with -- a single supported one if we send a list. local mt = { __tostring = function(t) return t.name end } for _, method in pairs(socks.AuthMethod) do local status, response = helper:connect( method ) if ( status ) then local out = { method = response.method, name = helper:authNameByNumber(response.method) } setmetatable(out, mt) table.insert(auth_methods, out) end end helper:close() if ( 0 == #auth_methods ) then return end return auth_methods end