File broadcast-ms-sql-discover

脚本使用类型: prerule
脚本所属分类: broadcast, safe
脚本下载地址: http://nmap.org/svn/scripts/broadcast-ms-sql-discover.nse

User Summary

Discovers Microsoft SQL servers in the same broadcast domain.

SQL Server credentials required: No (will not benefit from mssql.username & mssql.password).

The script attempts to discover SQL Server instances in the same broadcast domain. Any instances found are stored in the Nmap registry for use by any other ms-sql-* scripts that are run in the same scan.

In contrast to the ms-sql-discover script, the broadcast version will use a broadcast method rather than targeting individual hosts. However, the broadcast version will only use the SQL Server Browser service discovery method.

Script Arguments

max-newtargets, newtargets

mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username

randomseed, smbbasic, smbport, smbsign

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

Example Usage

执行格式

nmap --script broadcast-ms-sql-discover
nmap --script broadcast-ms-sql-discover,ms-sql-info --script-args=newtargets

Script Output

| broadcast-ms-sql-discover:
|   192.168.100.128 (WINXP)
|     [192.168.100.128\MSSQLSERVER]
|       Name: MSSQLSERVER
|       Product: Microsoft SQL Server 2000
|       TCP port: 1433
|       Named pipe: \\192.168.100.128\pipe\sql\query
|     [192.168.100.128\SQL2K5]
|       Name: SQL2K5
|       Product: Microsoft SQL Server 2005
|       Named pipe: \\192.168.100.128\pipe\MSSQL$SQL2K5\sql\query
|   192.168.100.150 (SQLSRV)
|     [192.168.100.150\PROD]
|       Name: PROD
|       Product: Microsoft SQL Server 2008
|_      Named pipe: \\192.168.100.128\pipe\sql\query

Requires

• mssql
• stdnse
• string
• table
• target

Author: Patrik Karlsson

License: VER007 整理 http://www.ver007.com