Script `broadcast-ms-sql-discover`

Script types: prerule
Categories: broadcast, safe
Download: https://svn.nmap.org/nmap/scripts/broadcast-ms-sql-discover.nse

Script Summary

Discovers Microsoft SQL servers in the same broadcast domain.

SQL Server credentials required: No (will not benefit from mssql.username & mssql.password).

The script attempts to discover SQL Server instances in the same broadcast domain. Any instances found are stored in the Nmap registry for use by any other ms-sql-* scripts that are run in the same scan.

In contrast to the ms-sql-discover script, the broadcast version will use a broadcast method rather than targeting individual hosts. However, the broadcast version will only use the SQL Server Browser service discovery method.

Script Arguments

max-newtargets, newtargets: See the documentation for the target library.
mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username: See the documentation for the mssql library.
randomseed, smbbasic, smbport, smbsign: See the documentation for the smb library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername: See the documentation for the smbauth library.

Example Usage

nmap --script broadcast-ms-sql-discover
nmap --script broadcast-ms-sql-discover,ms-sql-info --script-args=newtargets

Script Output

| broadcast-ms-sql-discover:
|   192.168.100.128 (WINXP)
|     [192.168.100.128\MSSQLSERVER]
|       Name: MSSQLSERVER
|       Product: Microsoft SQL Server 2000
|       TCP port: 1433
|       Named pipe: \\192.168.100.128\pipe\sql\query
|     [192.168.100.128\SQL2K5]
|       Name: SQL2K5
|       Product: Microsoft SQL Server 2005
|       Named pipe: \\192.168.100.128\pipe\MSSQL$SQL2K5\sql\query
|   192.168.100.150 (SQLSRV)
|     [192.168.100.150\PROD]
|       Name: PROD
|       Product: Microsoft SQL Server 2008
|_      Named pipe: \\192.168.100.128\pipe\sql\query

Requires

Author:

Patrik Karlsson