CHips L MINI SHELL

CHips L pro

Current Path : /usr/share/nmap/scripts/
Upload File :
Current File : //usr/share/nmap/scripts/citrix-enum-apps-xml.nse

description = [[ 
Extracts a list of applications, ACLs, and settings from the Citrix XML
service.

The script returns more output with higher verbosity.
]]

---
-- @usage
-- nmap --script=citrix-enum-apps-xml -p 80,443,8080 <host>
--
-- @output
-- PORT     STATE SERVICE
-- 8080/tcp open  http-proxy
-- | citrix-enum-apps-xml:  
-- |   Application: Notepad; Users: Anonymous
-- |   Application: iexplorer; Users: Anonymous
-- |_  Application: registry editor; Users: WIN-B4RL0SUCJ29\Joe; Groups: WIN-B4RL0SUCJ29\HR, *CITRIX_BUILTIN*\*CITRIX_ADMINISTRATORS*
--
-- PORT     STATE SERVICE
-- 8080/tcp open  http-proxy
-- | citrix-enum-apps-xml:  
-- |   Application: Notepad
-- |     Disabled: false
-- |     Desktop: false
-- |     On Desktop: false
-- |     Encryption: basic
-- |     In start menu: false
-- |     Publisher: labb1farm
-- |     SSL: false
-- |     Remote Access: false
-- |     Users: Anonymous
-- |   Application: iexplorer
-- |     Disabled: false
-- |     Desktop: false
-- |     On Desktop: false
-- |     Encryption: basic
-- |     In start menu: false
-- |     Publisher: labb1farm
-- |     SSL: false
-- |     Remote Access: false
-- |     Users: Anonymous
-- |   Application: registry editor
-- |     Disabled: false
-- |     Desktop: false
-- |     On Desktop: false
-- |     Encryption: basic
-- |     In start menu: false
-- |     Publisher: labb1farm
-- |     SSL: false
-- |     Remote Access: false
-- |     Users: WIN-B4RL0SUCJ29\Joe
-- |_    Groups: WIN-B4RL0SUCJ29\HR, *CITRIX_BUILTIN*\*CITRIX_ADMINISTRATORS*

-- Version 0.2
-- Created 11/26/2009 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
-- Revised 12/02/2009 - v0.2 - Use stdnse.format_ouput for output

author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

require "comm"
require 'shortport'
require 'citrixxml'

portrule = shortport.portnumber({8080,80,443}, "tcp")

--- Creates a table which is suitable for use with stdnse.format_output
--
-- @param appdata table with results from parse_appdata_response
-- @param mode string short or long, see usage above
-- @return table suitable for stdnse.format_output
function format_output(appdata, mode)

		local result = {}
		local setting_titles = { {appisdisabled="Disabled"}, {appisdesktop="Desktop"}, {AppOnDesktop="On Desktop"}, 
									{Encryption="Encryption"}, {AppInStartmenu="In start menu"},
									{PublisherName="Publisher"}, {SSLEnabled="SSL"}, {RemoteAccessEnabled="Remote Access"} }


		if mode == "short" then
			for app_name, AppData in ipairs(appdata) do
				local line = "Application: " .. AppData.FName

				if AppData.AccessList then

					if AppData.AccessList.User then			
						line = line .. "; Users: " ..  stdnse.strjoin(", ", AppData.AccessList.User)
					end

					if AppData.AccessList.Group then
						line = line .. "; Groups: " .. stdnse.strjoin(", ", AppData.AccessList.Group)
					end

					table.insert(result, line)
				end
			end

		else

			for app_name, AppData in ipairs(appdata) do
				local result_part = {}
				
				result_part.name = "Application: " .. AppData.FName
				
				local settings = AppData.Settings

				for _, setting_pairs in ipairs(setting_titles) do
					for setting_key, setting_title in pairs(setting_pairs) do
						local setting_value = settings[setting_key] and settings[setting_key] or ""
						table.insert(result_part, setting_title .. ": " .. setting_value )
					end
				end


				if AppData.AccessList then
					if AppData.AccessList.User then
						table.insert(result_part, "Users: " .. stdnse.strjoin(", ", AppData.AccessList.User) )
					end	
			
					if AppData.AccessList.Group then 
						table.insert(result_part, "Groups: " .. stdnse.strjoin(", ", AppData.AccessList.Group) )
					end
				
					table.insert(result, result_part)
				end
				
			end

		end

		return result

	end
	
	
action = function(host,port)		

		local response = citrixxml.request_appdata(host.ip, port.number, {ServerAddress="",attr={addresstype="dot"},DesiredDetails={"all","access-list"} }) 
		local appdata = citrixxml.parse_appdata_response(response)
	
		local response = format_output(appdata, (nmap.verbosity() > 1 and "long" or "short"))
	
		return stdnse.format_output(true, response)

end

Copyright 2K16 - 2K18 Indonesian Hacker Rulez