Fingerprints the target RPC port to extract the target service, RPC number and version.
The script works by sending RPC Null call requests carrying a random, high, unsupported version number to the target service, iterating over the RPC program numbers from the nmap-rpc file, and checking for replies from the target port. A reply with RPC accept state 2 (Remote can't support version) means that the request carried the matching program number, and we proceed to extract the supported versions. A reply with RPC accept state 1 (remote hasn't exported program) means that we have sent the incorrect program number. Any other accept state is incorrect behaviour.
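The reply handling described above, as an added Python example (not rpc-grind's own Lua code). It follows the ONC RPC v2 message layout from RFC 5531 and assumes UDP framing with no TCP record marker; the function names and sample bytes are constructed for illustration.

```python
import struct

# accept_stat values from RFC 5531
PROG_UNAVAIL, PROG_MISMATCH = 1, 2

def build_null_call(xid, program, version):
    """RPC v2 CALL for procedure 0 (NULL) with AUTH_NONE credential and verifier."""
    # xid, msg_type=0 (CALL), rpcvers=2, program, version, procedure=0
    header = struct.pack(">6I", xid, 0, 2, program, version, 0)
    auth_none = struct.pack(">2I", 0, 0)  # flavor 0, zero-length body
    return header + auth_none + auth_none

def classify_reply(data, xid):
    """Return (verdict, low, high) for one reply to a version-mismatch probe."""
    if len(data) < 12:
        return ("malformed", None, None)
    rxid, msg_type, reply_stat = struct.unpack_from(">3I", data, 0)
    if rxid != xid or msg_type != 1:      # not a REPLY to our call
        return ("unrelated", None, None)
    if reply_stat != 0:                   # MSG_DENIED (rpcvers or auth problem)
        return ("denied", None, None)
    if len(data) < 20:
        return ("malformed", None, None)
    _flavor, vlen = struct.unpack_from(">2I", data, 12)
    off = 20 + ((vlen + 3) & ~3)          # XDR opaque is padded to 4 bytes
    if len(data) < off + 4:
        return ("malformed", None, None)
    (accept_stat,) = struct.unpack_from(">I", data, off)
    if accept_stat == PROG_UNAVAIL:       # state 1: wrong program number
        return ("wrong-program", None, None)
    if accept_stat == PROG_MISMATCH:      # state 2: program matched
        if len(data) < off + 12:
            return ("malformed", None, None)
        low, high = struct.unpack_from(">2I", data, off + 4)
        return ("match", low, high)       # supported version range
    return ("unexpected", None, None)     # any other accept state

# Constructed sample replies (xid 7, AUTH_NONE verifier), not captured traffic.
_ACCEPTED = struct.pack(">5I", 7, 1, 0, 0, 0)
SAMPLE_MISMATCH = _ACCEPTED + struct.pack(">3I", PROG_MISMATCH, 1, 1)
SAMPLE_UNAVAIL = _ACCEPTED + struct.pack(">I", PROG_UNAVAIL)
SAMPLE_SUCCESS = _ACCEPTED + struct.pack(">I", 0)

if __name__ == "__main__":
    for name, raw in [("mismatch", SAMPLE_MISMATCH), ("unavail", SAMPLE_UNAVAIL),
                      ("success", SAMPLE_SUCCESS)]:
        print(name, classify_reply(raw, 7))
```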
Number of grinding threads. Defaults to
mount.version, nfs.version, rpc.protocol
See the documentation for the rpc library.
nmap -sV <target>
nmap --script rpc-grind <target>
nmap --script rpc-grind --script-args 'rpc-grind.threads=8' -p <targetport> <target>
PORT      STATE SERVICE          VERSION
53344/udp open  walld (walld V1) 1 (RPC #100008)
Author: Hani Benhabiles
License: Same as Nmap--See https://nmap.org/book/man-legal.html