Script broadcast-wpad-discover

Script types: prerule
Categories: broadcast, safe
Download: https://svn.nmap.org/nmap/scripts/broadcast-wpad-discover.nse

Script Summary

Retrieves a list of proxy servers on a LAN using the Web Proxy Autodiscovery Protocol (WPAD). The script implements both the DHCP and DNS discovery methods and starts by querying DHCP to get the address. DHCP discovery requires Nmap to be running in privileged mode and is skipped when this is not the case. DNS discovery relies on the script being able to determine the local domain, either through a script argument or by attempting to reverse-resolve the local IP address.

Script Arguments

broadcast-wpad-discover.getwpad

instructs the script to retrieve the WPAD file instead of parsing it

broadcast-wpad-discover.nodhcp

instructs the script to skip discovery using DHCP

broadcast-wpad-discover.nodns

instructs the script to skip discovery using DNS

broadcast-wpad-discover.domain

the domain in which the WPAD host should be discovered

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script broadcast-wpad-discover

Script Output

| broadcast-wpad-discover:
|   1.2.3.4:8080
|_  4.5.6.7:3128
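
To cross-check the proxies the script reports against a WPAD file you retrieved yourself (for example with the getwpad argument), the following added example, which is not the script's own code, extracts the PROXY entries from a PAC body and renders them in the output format shown above. The sample PAC text, the helper names and the example.test domain are constructed for illustration; the wpad.dat URL is the conventional DNS-method location and is not stated on this page.

```python
import re

# Constructed sample wpad.dat body; proxy addresses reuse the sample output above.
SAMPLE_PAC = '''
function FindProxyForURL(url, host) {
  // old rule: return "PROXY 9.9.9.9:1";
  if (shExpMatch(url, "http://intranet.example.test/*")) return "DIRECT";
  if (isInNet(host, "10.0.0.0", "255.0.0.0"))
    return "PROXY 1.2.3.4:8080; PROXY 4.5.6.7:3128; DIRECT";
  return "PROXY 1.2.3.4:8080; DIRECT";
}
'''

# Group 1 is a string literal; the other alternatives are JavaScript comments.
# Matching strings first keeps "http://..." from being mistaken for a comment.
_TOKEN = re.compile(r'''("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')|//[^\n]*|/\*.*?\*/''', re.S)
_ENTRY = re.compile(r'^PROXY\s+([A-Za-z0-9.-]+):(\d{1,5})$', re.I)

def wpad_url(domain):
    """Conventional DNS-method location of the WPAD file (assumption)."""
    return "http://wpad.%s/wpad.dat" % domain.strip(".").lower()

def proxies_from_pac(pac_text):
    """Return unique host:port PROXY entries in first-seen order."""
    found = []
    for token in _TOKEN.finditer(pac_text):
        literal = token.group(1)
        if literal is None:  # a comment: commented-out rules are not live
            continue
        for part in literal[1:-1].split(";"):
            entry = _ENTRY.match(part.strip())
            if entry and 0 < int(entry.group(2)) <= 65535:
                value = "%s:%s" % (entry.group(1), entry.group(2))
                if value not in found:
                    found.append(value)
    return found

def as_script_output(entries):
    """Render entries in the layout of the Script Output section."""
    lines = ["| broadcast-wpad-discover:"]
    for i, value in enumerate(entries):
        lines.append(("|_  " if i == len(entries) - 1 else "|   ") + value)
    return "\n".join(lines)

if __name__ == "__main__":
    print(wpad_url("example.test"))
    print(as_script_output(proxies_from_pac(SAMPLE_PAC)))
```
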

Requires


Author:

  • Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html