emonti / jruby_jrmi_toys
watch download tarball
public
Forks0Right
Watchers3Right
Description: JRuby JRMI Toys.
Homepage:
Clone URL: git://github.com/emonti/jruby_jrmi_toys.git 
added files
emonti (author)
Thu Feb 05 23:05:18 -0800 2009
commit  dfa68087bf86559e49396331acf285c1daab54c7
tree    02150dd10e6271c31e0755f3c5d73608f6ed429b
parent  5962a321101d25ae5f6ef3e2ac2e3c10222e451e
jruby_jrmi_toys / rmiscan.rb
100755 102 lines (83 sloc) 2.29 kb
raw blame history 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

#!/usr/bin/env jruby
# emonti@matasano.com 2008
# Ghetto RMI port scanner. 
# Takes a host and either range or list of ports as arguments.
# Attempts to do an registry endpoint listing for any port that looks like RMI
 
include Java
import java.rmi.Naming
 
require 'socket'
require 'fcntl'
require 'optparse'
 
OPTS={ :wait_sec => 1 }
 
opts = OptionParser.new do |opts|
  opts.banner = "Usage: #{File.basename $0} [options] address [ports ...]"
  opts.on_tail("-h", "--help", "Show this message") do
    puts opts
    exit 1
  end
 
  opts.on("-p", "--ports=PORTRANGE", "Specify a port range as nnn-NNN") do |p|
    unless (m=/^(\d+)-(\d+)$/.match(p)) and (p1=m[1].to_i) <= (p2=m[2].to_i)
      raise "Invalid port range. Use 'n-N'"
    end
    OPTS[:scanports] = (p1..p2)
  end
  opts.on("-t", "--timeout=N", Numeric, 
          "Response Timeout (Default: #{OPTS[:wait_sec]}) ") do |t|
    OPTS[:wait_sec] = t
  end
end
 
# Get args
begin
  opts.parse!(ARGV)
  unless (host = ARGV.shift)
    raise opts.banner
  end
 
  unless OPTS[:scanports]
    if not (bad=ARGV.grep(/[^0-9]/)).empty?
      raise "Invalid port specified: #{bad.join(', ')}"
    end
    OPTS[:scanports] = ARGV.map {|n| n.to_i}
  end
rescue
  STDERR.puts $!
  exit 1
end
 
OPTS[:scanports].each do |port|
  hit=nil
  # first check for RMI using a minimal handshake check
  begin
    next unless (cli = TCPSocket.new(host, port))
    cli.fcntl(Fcntl::F_SETFL, Fcntl::O_NONBLOCK)
    cli.write("JRMI\x00\x02\x4b")
 
    r,w,e = IO.select([cli], nil, nil, OPTS[:wait_sec])
    unless r
      cli.close
      next
    end
 
    resp = cli.read(3)
    msg, len = resp.unpack("cn")
 
    unless msg == 0x4e
      cli.close
      next
    end
 
    rest = cli.read(len+4)
 
    if rest.size == len+4
      puts "** Found a possible RMI endpoint at //#{host}:#{port}"
      hit=true
      cli.close
    else
      next
    end
 
  rescue
    STDERR.puts "Port #{port} Err: #{$!}"
  ensure
    cli.close if cli and not cli.closed?
  end
 
  next unless hit
 
  # If we've found an RMI service, check if it is a registry
  # rescue with 'next' if an exception is raised
  rmi = Naming.list("//#{host}:#{port}") rescue (next)
 
  puts "** Found RMI Registry at: //#{host}:#{port} (Listing Interfaces)"
  rmi.each {|x| puts "  " + x}
  puts
end