Script nfs-ls

Script types:
Categories: discovery, safe
Download: https://svn.nmap.org/nmap/scripts/nfs-ls.nse

Script Summary

Attempts to get useful information about files from NFS exports. The output is intended to resemble the output of ls.

The script starts by enumerating and mounting the remote NFS exports. After that it performs an NFS GETATTR procedure call for each mounted point in order to get its ACLs. For each mounted directory the script will try to list its file entries with their attributes.

Since the file attributes shown in the results are the result of GETATTR, READDIRPLUS, and similar procedures, the attributes are the attributes of the local filesystem.

These access permissions are shown only with NFSv3:

• Read: Read data from file or read a directory.
• Lookup: Look up a name in a directory (no meaning for non-directory objects).
• Modify: Rewrite existing file data or modify existing directory entries.
• Extend: Write new data or add directory entries.
• Delete: Delete an existing directory entry.
• Execute: Execute file (no meaning for a directory).

Recursive listing is not implemented.

Script Arguments

nfs-ls.time

Specifies which one of the last mac times to use in the files attributes output. Possible values are:

• m: last modification time (mtime)
• a: last access time (atime)
• c: last change time (ctime)

The default value is m (mtime).

nfs.version

The NFS protocol version to use

mount.version, rpc.protocol

See the documentation for the rpc library.

ls.checksum, ls.empty, ls.errors, ls.human, ls.maxdepth, ls.maxfiles

See the documentation for the ls library.

Example Usage

nmap -p 111 --script=nfs-ls <target>
nmap -sV --script=nfs-ls <target>

Script Output

PORT    STATE SERVICE
111/tcp open  rpcbind
| nfs-ls:
|   Volume /mnt/nfs/files
|   access: Read Lookup NoModify NoExtend NoDelete NoExecute
|   PERMISSION  UID   GID   SIZE     MODIFICATION TIME  FILENAME
|   drwxr-xr-x  1000  100   4096     2010-06-17 12:28   /mnt/nfs/files
|   drwxr--r--  1000  1002  4096     2010-05-14 12:58   sources
|   -rw-------  1000  1002  23606    2010-06-17 12:28   notes
|
|   Volume /home/storage/backup
|   access: Read Lookup Modify Extend Delete NoExecute
|   PERMISSION  UID   GID   SIZE     MODIFICATION TIME  FILENAME
|   drwxr-xr-x  1000  100   4096     2010-06-11 22:31   /home/storage/backup
|   -rw-r--r--  1000  1002  0        2010-06-10 08:34   filetest
|   drwx------  1000  100   16384    2010-02-05 17:05   lost+found
|   -rw-r--r--  0     0     5        2010-06-10 11:32   rootfile
|   lrwxrwxrwx  1000  1002  8        2010-06-10 08:34   symlink
|_

Requires

• rpc
• shortport
• stdnse
• string
• ls
• table
• nmap

---

Authors:

• Patrik Karlsson
• Djalal Harouni

License: Same as Nmap--See https://nmap.org/book/man-legal.html