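local comm = require "comm"
local string = require "string"
local shortport = require "shortport"
local nmap = require "nmap"

description = [[
Detects the WebLogic T3 RMI protocol and, where the server reports it, the
WebLogic version.

A T3 handshake ("t3 <version>") is sent to the port. A "HELO:" reply carries
the server's version; any of the other T3 status replies handled below (LGIN,
SERV, UNAV, LICN, RESC, VERS, CATA, CMND) still proves T3 is enabled. Some
servers simply echo whatever version the client offers, so a reply that
matches our probe is re-checked with a second, different probe before the
version is trusted. Only digit/dot captures and fixed strings from the reply
are written into the port's version table.
]]

author = {"Alessandro ZANNI <alessandro.zanni@bt.com>", "Daniel Miller"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "safe", "discovery", "version"}

-- Version offered in the first T3 handshake. A server answering with exactly
-- this string may just be echoing the probe, so the answer is re-checked with
-- PROBE_VERSION_ALT before being reported.
local PROBE_VERSION = "12.1.2"
local PROBE_VERSION_ALT = "11.1.2"

-- Result-line text for T3 replies that are not a HELO. Each still proves the
-- port speaks T3; a VERS reply may additionally carry the server's version.
local T3_STATUS = {
  LGIN = "handshake failed",
  SERV = "No such service",
  UNAV = "Service unavailable",
  LICN = "No license",
  RESC = "No resource",
  VERS = "Incompatible version",
  CATA = "Catastrophic failure",
  CMND = "No such command",
}

-- Builds the T3 hello message for the given client version.
local function t3_hello(version)
  return "t3 " .. version .. "\nAS:2048\nHL:19\n\n"
end

-- Extracts the dotted version from a "HELO:<version>.<flag>..." reply.
-- The usual four-component form ("HELO:a.b.c.d.false") is tried first; a
-- three-component form followed by a dot and a non-digit is accepted as a
-- fallback so that a server echoing our three-component probe is still
-- recognised (with the four-component pattern alone, the echo comparison
-- against PROBE_VERSION could never succeed). Returns nil for non-HELO
-- replies. The captures contain only digits and dots, so the value is safe
-- to store and print even though the reply is untrusted network input.
local function parse_helo(reply)
  return string.match(reply, "^HELO:(%d+%.%d+%.%d+%.%d+)%.")
      or string.match(reply, "^HELO:(%d+%.%d+%.%d+)%.%D")
end

-- Run when the service was already fingerprinted as WebLogic with reasonable
-- confidence (and version scanning is intense enough), or on the usual
-- WebLogic ports / an http service.
portrule = function(host, port)
  local v = port.version
  if type(v) == "table" and v.name_confidence > 3 and v.product ~= nil then
    return string.find(v.product, "WebLogic", 1, true) and nmap.version_intensity() >= 7
  end
  return shortport.version_port_or_service({7001, 7002, 7003}, "http")(host, port)
end

-- Probes the port with a T3 hello and reports whether T3 is enabled and, when
-- a trustworthy HELO was received, the WebLogic version.
-- @param host the target host table
-- @param port the target port table; port.version is updated on success
-- @return a result string, or nil when the port did not answer with T3
action = function(host, port)
  local status, result = comm.exchange(host, port, t3_hello(PROBE_VERSION))
  if not status then
    return nil
  end

  port.version = port.version or {}
  local detail = nil  -- text placed inside the parentheses of the result line

  local weblogic_version = parse_helo(result)
  if weblogic_version then
    if weblogic_version == PROBE_VERSION then
      -- The reply matches our probe and may be an echo. Offer a different
      -- version; the answer is only trusted if it differs from that too.
      status, result = comm.exchange(host, port, t3_hello(PROBE_VERSION_ALT))
      if status then
        weblogic_version = parse_helo(result)
      else
        weblogic_version = nil
      end
      if weblogic_version == nil or weblogic_version == PROBE_VERSION_ALT then
        -- Echo, or the second probe failed: T3 is confirmed, the version is
        -- not. Never concatenate a nil version into the result line.
        weblogic_version = nil
      end
    end
    if weblogic_version then
      port.version.version = weblogic_version
      detail = "WebLogic version: " .. weblogic_version
    else
      detail = "Unknown WebLogic version"
    end
  else
    -- Non-HELO replies start with a four-letter status code and a colon.
    local code = string.match(result, "^(%u%u%u%u):")
    detail = code and T3_STATUS[code]
    if code == "VERS" then
      local reported = string.match(result,
        "^VERS:Incompatible versions %- this server:(%d+%.%d+%.%d+%.%d+)")
      if reported then
        port.version.version = reported
      end
    end
  end

  if not detail then
    return nil
  end

  -- Every recognised reply proves T3 is enabled; record that alongside any
  -- extrainfo an earlier fingerprint left behind.
  local extrainfo = port.version.extrainfo
  if extrainfo == nil then
    port.version.extrainfo = "T3 enabled"
  else
    port.version.extrainfo = extrainfo .. "; T3 enabled"
  end
  if port.version.product == nil then
    port.version.product = "WebLogic application server"
  end
  nmap.set_port_version(host, port, "hardmatched")

  return "T3 protocol in use (" .. detail .. ")"
end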