Script rpc-grind

Script types: portrule
Categories: version
Download: https://svn.nmap.org/nmap/scripts/rpc-grind.nse

Script Summary

Fingerprints the target RPC port to extract the target service, RPC number and version.

The script works by sending RPC Null call requests with a random high version unsupported number to the target service with iterated over RPC program numbers from the nmap-rpc file and check for replies from the target port. A reply with a RPC accept state 2 (Remote can't support version) means that we the request sent the matching program number, and we proceed to extract the supported versions. A reply with an accept state RPC accept state 1 (remote hasn't exported program) means that we have sent the incorrect program number. Any other accept state is an incorrect behaviour.

See also:

Script Arguments

rpc-grind.threads

Number of grinding threads. Defaults to 4

mount.version, nfs.version, rpc.protocol

See the documentation for the rpc library.

Example Usage

nmap -sV <target>
nmap --script rpc-grind <target>
nmap --script rpc-grind --script-args 'rpc-grind.threads=8' -p <targetport>
<target>

Script Output

PORT      STATE SERVICE VERSION
53344/udp open  walld   1 (RPC #100008)

Requires


Author:

  • Hani Benhabiles

License: Same as Nmap--See https://nmap.org/book/man-legal.html