Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nmapPatrik Karlsson <[email protected]>NMAP:HTTP-CISCO-ANYCONNECT.NSE
HistoryMay 26, 2014 - 1:28 a.m.

http-cisco-anyconnect NSE Script

2014-05-2601:28:38
Patrik Karlsson <[email protected]>
nmap.org
469

EPSS

0.973

Percentile

99.9%

JSON

Connect as Cisco AnyConnect client to a Cisco SSL VPN and retrieves version and tunnel information.

Script Arguments

slaxml.debug

See the documentation for the slaxml library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

anyconnect.group, anyconnect.mac, anyconnect.ua, anyconnect.version

See the documentation for the anyconnect library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

Example Usage

nmap -p 443 --script http-cisco-anyconnect &lt;target&gt;

Script Output

PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| http-cisco-anyconnect:
|   version: 9.1(5)
|   tunnel-group: VPN
|   group-alias: vpn
|   config-hash: 7328433471719
|_  host: vpn.example.com

Requires

local anyconnect = require('anyconnect')
local stdnse = require('stdnse')
local shortport = require('shortport')
local nmap = require('nmap')

description = [[
Connect as Cisco AnyConnect client to a Cisco SSL VPN and retrieves version
and tunnel information.
]]

---
-- @usage
-- nmap -p 443 --script http-cisco-anyconnect <target>
--
-- @output
-- PORT    STATE SERVICE REASON
-- 443/tcp open  https   syn-ack
-- | http-cisco-anyconnect:
-- |   version: 9.1(5)
-- |   tunnel-group: VPN
-- |   group-alias: vpn
-- |   config-hash: 7328433471719
-- |_  host: vpn.example.com
--
-- @xmloutput
-- <elem key="version">9.1(5)</elem>
-- <elem key="tunnel-group">VPN</elem>
-- <elem key="group-alias">vpn</elem>
-- <elem key="config-hash">7328433471719</elem>
-- <elem key="host">vpn.example.com</elem>
--

author = "Patrik Karlsson <[email protected]>"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}

portrule = function(host, port)
  return shortport.ssl(host, port) and shortport.http(host, port)
end

action = function(host, port)
  local ac = anyconnect.Cisco.AnyConnect:new(host, port)
  local status, err = ac:connect()
  if not status then
    return stdnse.format_output(false, err)
  else
    local o = stdnse.output_table()
    local xmltags = { 'version', 'tunnel-group', 'group-alias',
      'config-hash', 'host-scan-ticket', 'host-scan-token',
      'host-scan-base-uri', 'host-scan-wait-uri', 'host' }

    -- add login banner if running in debug mode
    if nmap.verbosity() > 2 then xmltags[#xmltags] = 'banner' end

    for _, tag in ipairs(xmltags) do
      o[tag] = ac.conn_attr[tag]
    end
    return o
  end
end

Related

nmap 200
nmap
nmap
sslv2 NSE Script
2008-11-06 02:52:59
mrinfo NSE Script
2012-08-03 22:58:29
broadcast-novell-locate NSE Script
2011-06-15 06:23:30

EPSS

0.973

Percentile

99.9%

JSON
Related for NMAP:HTTP-CISCO-ANYCONNECT.NSE
nmap200