Script eap-info

Script types: prerule
Categories: broadcast, safe
Download: https://svn.nmap.org/nmap/scripts/eap-info.nse

Script Summary

Enumerates the authentication methods offered by an EAP (Extensible Authentication Protocol) authenticator for a given identity or for the anonymous identity if no argument is passed.

Script Arguments

eap-info.identity

Identity to use for the first step of the authentication methods (if omitted "anonymous" will be used).

eap-info.scan

Table of authentication methods to test, e.g. { 4, 13, 25 } for MD5, TLS and PEAP. Default: TLS, TTLS, PEAP, MSCHAP.

eap-info.timeout

Maximum time allowed for the scan (default 10s). Methods not tested because of timeout will be listed as "unknown".

eap-info.interface

Network interface to use for the scan, overrides "-e".

Example Usage

nmap -e interface --script eap-info [--script-args="eap-info.identity=0-user,eap-info.scan={13,50}"] <target>

Script Output

Pre-scan script results:
| eap-info:
| Available authentication methods with identity="anonymous" on interface eth2
|   true     PEAP
|   true     EAP-TTLS
|   false    EAP-TLS
|_  false    EAP-MSCHAP-V2

Requires


Author:

  • Riccardo Cecolin

License: Same as Nmap--See https://nmap.org/book/man-legal.html