Fingerprints the target RPC port to extract the target service, RPC number and version.
The script works by sending RPC Null call requests with a random high version unsupported number to the target service with iterated over RPC program numbers from the nmap-rpc file and check for replies from the target port. A reply with a RPC accept state 2 (Remote can't support version) means that we the request sent the matching program number, and we proceed to extract the supported versions. A reply with an accept state RPC accept state 1 (remote hasn't exported program) means that we have sent the incorrect program number. Any other accept state is an incorrect behaviour.
Number of grinding threads. Defaults to
- mount.version, nfs.version, rpc.protocol
See the documentation for the rpc library.
nmap -sV <target> nmap --script rpc-grind <target> nmap --script rpc-grind --script-args 'rpc-grind.threads=8' -p <targetport> <target>
PORT STATE SERVICE VERSION 53344/udp open walld 1 (RPC #100008)
License: Same as Nmap--See https://nmap.org/book/man-legal.html