File broadcast-ms-sql-discover
Script types: prerule
Categories: broadcast, safe
Download: http://nmap.org/svn/scripts/broadcast-ms-sql-discover.nse
User Summary
Discovers Microsoft SQL servers in the same broadcast domain.
SQL Server credentials required: No (will not benefit from mssql.username & mssql.password).
The script attempts to discover SQL Server instances in the same broadcast domain. Any instances found are stored in the Nmap registry for use by any other ms-sql-* scripts that are run in the same scan.
In contrast to the ms-sql-discover script, the broadcast version will use a broadcast method rather than targeting individual hosts. However, the broadcast version will only use the SQL Server Browser service discovery method.
Script Arguments
max-newtargets, newtargets
See the documentation for the target library.
mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username
See the documentation for the mssql library.
randomseed, smbbasic, smbport, smbsign
See the documentation for the smb library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
Example Usage
nmap --script broadcast-ms-sql-discover
nmap --script broadcast-ms-sql-discover,ms-sql-info --script-args=newtargets
Script Output
| broadcast-ms-sql-discover:
|   192.168.100.128 (WINXP)
|     [192.168.100.128\MSSQLSERVER]
|       Name: MSSQLSERVER
|       Product: Microsoft SQL Server 2000
|       TCP port: 1433
|       Named pipe: \\192.168.100.128\pipe\sql\query
|     [192.168.100.128\SQL2K5]
|       Name: SQL2K5
|       Product: Microsoft SQL Server 2005
|       Named pipe: \\192.168.100.128\pipe\MSSQL$SQL2K5\sql\query
|   192.168.100.150 (SQLSRV)
|     [192.168.100.150\PROD]
|       Name: PROD
|       Product: Microsoft SQL Server 2008
|_      Named pipe: \\192.168.100.128\pipe\sql\query
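An added example, not part of the Nmap script or its documentation: a Python parser that turns output of the kind listed under Script Output into one record per instance, so the instances advertising a TCP port can be pulled out for inventory or firewall review. The function names are assumptions of this example, and the embedded sample is a copy of the output on this page.

```python
import re

# Sample input: the Script Output from this page, embedded so the example runs offline.
SAMPLE = r"""
| broadcast-ms-sql-discover:
|   192.168.100.128 (WINXP)
|     [192.168.100.128\MSSQLSERVER]
|       Name: MSSQLSERVER
|       Product: Microsoft SQL Server 2000
|       TCP port: 1433
|       Named pipe: \\192.168.100.128\pipe\sql\query
|     [192.168.100.128\SQL2K5]
|       Name: SQL2K5
|       Product: Microsoft SQL Server 2005
|       Named pipe: \\192.168.100.128\pipe\MSSQL$SQL2K5\sql\query
|   192.168.100.150 (SQLSRV)
|     [192.168.100.150\PROD]
|       Name: PROD
|       Product: Microsoft SQL Server 2008
|_      Named pipe: \\192.168.100.128\pipe\sql\query
"""

HOST = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) \((.*)\)$")   # "ip (hostname)"
INSTANCE = re.compile(r"^\[(.+?)\\(.+)\]$")                  # "[ip\instance]"
FIELD = re.compile(r"^([^:]+): (.*)$")                       # "key: value"

def parse_discover(text):
    """Return a list of dicts, one per SQL Server instance (hypothetical helper)."""
    records, host, current = [], None, None
    for raw in text.splitlines():
        line = re.sub(r"^\|_?", "", raw).strip()   # drop Nmap's "|" / "|_" gutter
        if not line or line.endswith("broadcast-ms-sql-discover:"):
            continue
        if m := HOST.match(line):
            host, current = {"ip": m[1], "hostname": m[2]}, None
        elif (m := INSTANCE.match(line)) and host:
            current = {**host, "instance": m[2]}
            records.append(current)
        elif (m := FIELD.match(line)) and current is not None:
            current[m[1]] = m[2]                   # Name, Product, TCP port, Named pipe
    return records

def tcp_listeners(records):
    """Instances that advertise a TCP port, as (ip, instance, port) tuples."""
    return [(r["ip"], r["instance"], int(r["TCP port"]))
            for r in records if "TCP port" in r]

if __name__ == "__main__":
    print(tcp_listeners(parse_discover(SAMPLE)))
```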
Requires
Author: Patrik Karlsson
License: Same as Nmap--See http://nmap.org/book/man-legal.html


