Adding multiple scripts for Hadoop components #620

Closed
wants to merge 1 commit into from

@maaaaz
commented Dec 20, 2016

Hello dear Nmap crew,

I made some discovery scripts for common Hadoop and "Big Data" components as it can be a challenge to correctly map the attack surface among all these services.

Cheers.

@dmiller-nmap

commented Jan 11, 2017

@maaaaz Thanks for these! Simple HTTP application discovery scripts like this can usually be rewritten as fingerprints for http-enum. Check out the nselib/data/http-fingerprints.lua file to see how this is done.

@Varunram

commented Feb 13, 2017

@dmiller-nmap The same code, rewritten as fingerprints.

-- Apache Ambari Web UI
table.insert(fingerprints, {
    category = 'info',
    probes = {
      {
        path = '/',
        method = 'GET'
      },
    },
    matches = {
      {
        match = '<title>Ambari</title>',
        output = 'Apache Ambari WebUI'
      }
    }
  });

-- Apache Oozie Web Console
table.insert(fingerprints, {
    category = 'info',
    probes = {
      {
        path = '/oozie/',
        method = 'GET'
      },
    },
    matches = {
      {
        match = '<title>Oozie Web Console</title>',
        output = 'Apache Oozie Web Console'
      }
    }
  });

-- Apache Ranger Web UI
table.insert(fingerprints, {
    category = 'info',
    probes = {
      {
        path = '/login.jsp',
        method = 'GET'
      },
    },
    matches = {
      {
        match = '<title>%s*Ranger %- Sign In%s*</title>',
        output = 'Apache Ranger WebUI'
      }
    }
  });

-- Cloudera Hue
table.insert(fingerprints, {
    category = 'info',
    probes = {
      {
        path = '/about/',
        method = 'GET'
      },
    },
    matches = {
      {
        match = 'Hue&trade;%s(.-)%s[-]%s<a href="http://gethue.com"',
        output = 'Cloudera Hue \\1'
      }
    }
  });

-- Cloudera Manager login page
table.insert(fingerprints, {
    category = 'info',
    probes = {
      {
        path = '/cmf/login',
        method = 'GET'
      },
    },
    matches = {
      {
        match = "clouderaManager.*version:%s'(.-)'",
        output = 'Cloudera Manager version \\1'
      }
    }
  });

-- Hadoop MapReduce JobHistory WebUI
table.insert(fingerprints, {
    category = 'info',
    probes = {
      {
        path = '/jobhistory',
        method = 'GET'
      },
    },
    matches = {
      {
        match = '<title>%s*JobHistory%s*</title>',
        output = 'Hadoop MapReduce JobHistory WebUI'
      }
    }
  });

-- Hadoop YARN Resource Manager
table.insert(fingerprints, {
    category = 'info',
    probes = {
      {
        path = '/cluster/cluster',
        method = 'GET'
      },
    },
    matches = {
      {
        match = 'ResourceManager state:.-<td>%s*(.-)%s*</td>',
        output = 'Hadoop YARN Resource Manager state \\1'
      },
      {
        match = 'ResourceManager version:.-<td>%s*(.-)%s*</td>',
        output = 'Hadoop YARN Resource Manager version \\1'
      },
      {
        match = 'Hadoop version:.-<td>%s*(.-)%s*</td>',
        output = 'Hadoop Version \\1'
      }
    }
  });
  
-- Hadoop Node Resource Manager
table.insert(fingerprints, {
    category = 'info',
    probes = {
      {
        path = '/node',
        method = 'GET'
      },
    },
    matches = {
      {
        match = '<h3>%s*NodeManager%s*</h3>',
        output = 'Hadoop YARN Node Manager WebUI'
      },
      {
        match = 'Node Manager Version:.-<td>%s*(.-)%s*</td>',
        output = 'Hadoop YARN Node Manager version \\1'
      },
      {
        match = 'Hadoop Version:.-<td>%s*(.-)%s*</td>',
        output = 'Hadoop Version \\1'
      }
    }
  });
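
An offline harness for checking fingerprint patterns like the ones above against sample responses before submitting them, added here as an example; it is not part of the thread or of Nmap's code. It assumes http-enum applies `match` as a Lua pattern and substitutes `\1` in `output` with the first capture; `apply_match`, `bodies` and the response bodies are constructed for illustration.

```lua
-- Approximation of how http-enum evaluates a fingerprint (assumption, not Nmap code).
local fingerprints = {}

-- Three fingerprints in the same shape as the ones posted in the thread.
table.insert(fingerprints, {
    category = 'info',
    probes = { { path = '/about/', method = 'GET' } },
    matches = { { match = 'Hue&trade;%s(.-)%s[-]%s<a href="http://gethue.com"',
                  output = 'Cloudera Hue \\1' } }
  });
table.insert(fingerprints, {
    category = 'info',
    probes = { { path = '/cluster/cluster', method = 'GET' } },
    matches = { { match = 'Hadoop version:.-<td>%s*(.-)%s*</td>',
                  output = 'Hadoop Version \\1' } }
  });
table.insert(fingerprints, {
    category = 'info',
    probes = { { path = '/jobhistory', method = 'GET' } },
    matches = { { match = '<title>%s*JobHistory%s*</title>',
                  output = 'Hadoop MapReduce JobHistory WebUI' } }
  });

-- Constructed response bodies keyed by probe path (not captured from real hosts).
local bodies = {
  ['/about/'] = '<p>Hue&trade; 3.11.0 - <a href="http://gethue.com">site</a></p>',
  ['/cluster/cluster'] = '<tr><th>Hadoop version:</th><td>\n 2.7.3 from abc\n</td></tr>',
  ['/jobhistory'] = '<html><head><title>Sign in</title></head></html>', -- should not match
}

-- Returns the rendered output string, or nil when the pattern does not match.
local function apply_match(m, body)
  local caps = { string.match(body, m.match) }
  if #caps == 0 then return nil end
  -- Replace \N with the Nth capture; a function avoids '%' escapes in the replacement.
  return (m.output:gsub('\\(%d)', function(n) return caps[tonumber(n)] or '' end))
end

for _, fp in ipairs(fingerprints) do
  for _, probe in ipairs(fp.probes) do
    local body = bodies[probe.path]
    for _, m in ipairs(fp.matches) do
      local out = body and apply_match(m, body)
      print(string.format('%-18s %s', probe.path, out or 'NO MATCH: ' .. m.match))
    end
  end
end
```

Run with a stock `lua` interpreter; the first two probes print the rendered output with the captured version, and the third prints `NO MATCH` because the constructed body is not a JobHistory page.
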
@maaaaz

Author

commented Feb 13, 2017

@Varunram: cool thank you !

@Varunram Varunram referenced this pull request Mar 1, 2017
@nmap-bot nmap-bot closed this in fe622e1 Mar 4, 2017