Script http-cisco-anyconnect

Script types: portrule
Categories: default, discovery, safe
Download: https://svn.nmap.org/nmap/scripts/http-cisco-anyconnect.nse

Script Summary

Connect as Cisco AnyConnect client to a Cisco SSL VPN and retrieves version and tunnel information.

Script Arguments

slaxml.debug

See the documentation for the slaxml library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

anyconnect.group, anyconnect.mac, anyconnect.ua, anyconnect.version

See the documentation for the anyconnect library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

Example Usage

nmap -p 443 --script http-cisco-anyconnect <target>

Script Output

PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| http-cisco-anyconnect:
|   version: 9.1(5)
|   tunnel-group: VPN
|   group-alias: vpn
|   config-hash: 7328433471719
|_  host: vpn.example.com

Requires

• anyconnect
• stdnse
• shortport
• nmap

---

Author:

• Patrik Karlsson <patrik@cqure.net>

License: Same as Nmap--See https://nmap.org/book/man-legal.html