local anyconnect = require('anyconnect') local stdnse = require('stdnse') local shortport = require('shortport') local nmap = require('nmap') description = [[ Connect as Cisco AnyConnect client to a Cisco SSL VPN and retrieves version and tunnel information. ]] --- -- @usage -- nmap -p 443 --script http-cisco-anyconnect -- -- @output -- PORT STATE SERVICE REASON -- 443/tcp open https syn-ack -- | http-cisco-anyconnect: -- | version: 9.1(5) -- | tunnel-group: VPN -- | group-alias: vpn -- | config-hash: 7328433471719 -- |_ host: vpn.example.com -- -- @xmloutput -- 9.1(5) -- VPN -- vpn -- 7328433471719 -- vpn.example.com -- author = "Patrik Karlsson " license = "Same as Nmap--See https://nmap.org/book/man-legal.html" categories = {"default", "discovery", "safe"} portrule = function(host, port) return shortport.ssl(host, port) and shortport.http(host, port) end action = function(host, port) local ac = anyconnect.Cisco.AnyConnect:new(host, port) local status, err = ac:connect() if not status then return stdnse.format_output(false, err) else local o = stdnse.output_table() local xmltags = { 'version', 'tunnel-group', 'group-alias', 'config-hash', 'host-scan-ticket', 'host-scan-token', 'host-scan-base-uri', 'host-scan-wait-uri', 'host' } -- add login banner if running in debug mode if nmap.verbosity() > 2 then xmltags[#xmltags] = 'banner' end for _, tag in ipairs(xmltags) do o[tag] = ac.conn_attr[tag] end return o end end