msrpc-enum
脚本使用类型:
hostrule
脚本所属分类:
safe, discovery
脚本下载地址: http://nmap.org/svn/scripts/msrpc-enum.nse
Queries an MSRPC endpoint mapper for a list of mapped services and displays the gathered information.
As it is using smb library, you can specify optional username and password to use.
Script works much like Microsoft's rpcdump tool or dcedump tool from SPIKE fuzzer.
执行格式
nmap <target> --script=msrpc-enum
PORT STATE SERVICE REASON 445/tcp open microsoft-ds syn-ack Host script results: | msrpc-enum: | | uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 | annotation: DHCP Client LRPC Endpoint | ncalrpc: dhcpcsvc | | uuid: 12345678-1234-abcd-ef00-0123456789ab | annotation: IPSec Policy agent endpoint | ncalrpc: audit | | uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 | ip_addr: 0.0.0.0 | annotation: DHCP Client LRPC Endpoint | tcp_port: 49153 | <snip> | | uuid: 12345678-1234-abcd-ef00-0123456789ab | annotation: IPSec Policy agent endpoint | ncalrpc: securityevent | | uuid: 12345678-1234-abcd-ef00-0123456789ab | annotation: IPSec Policy agent endpoint |_ ncalrpc: protected_storage
Author: Aleksandar Nikolic
License: VER007 整理 http://www.ver007.com