Detects the Ventrilo voice communication server service versions 2.1.2 and above and tries to determine version and configuration information. Some of the older versions (pre 3.0.0) may not have the UDP service that this probe relies on enabled by default.
The Ventrilo server listens on a TCP (voice/control) and a UDP (ping/status)
port with the same port number (fixed to 3784 in the free version, otherwise
configurable). This script activates on both a TCP and UDP port version scan.
In both cases probe data is sent only to the UDP port because it allows for a
simple and informative status command as implemented by the
ventrilo_status.exe executable which has shipped alongside the Windows server
package since version 2.1.2 when the UDP status service was implemented.
When run as a version detection script (-sV), the script will report on the
server version, name, uptime, authentication scheme, and OS. When run
explicitly (--script ventrilo-info), the script will additionally report on the
server name phonetic pronunciation string, the server comment, maximum number
of clients, voice codec, voice format, channel and client counts, and details
about channels and currently connected clients.
Original reversing of the protocol was done by Luigi Auriemma (http://aluigi.altervista.org/papers.htm#ventrilo).
nmap -sV <target>
nmap -Pn -sU -sV --script ventrilo-info -p <port> <target>
PORT     STATE SERVICE  VERSION
9408/tcp open  ventrilo Ventrilo 3.0.3.C (voice port; name: TypeFrag.com; uptime: 152h:56m; auth: pw)
| ventrilo-info:
| name: TypeFrag.com
| phonetic: Type Frag Dot Com
| comment: http://www.typefrag.com/
| auth: pw
| max. clients: 100
| voice codec: 3,Speex
| voice format: 32,32 KHz%2C 16 bit%2C 10 Qlty
| uptime: 152h:56m
| platform: WIN32
| version: 3.0.3.C
| channel count: 14
| channel fields: CID, PID, PROT, NAME, COMM
| client count: 6
| client fields: ADMIN, CID, PHAN, PING, SEC, NAME, COMM
| channels:
| <top level lobby> (CID: 0, PID: n/a, PROT: n/a, COMM: n/a): <empty>
| Group 1 (CID: 719, PID: 0, PROT: 0, COMM: ):
| stabya (ADMIN: 0, PHAN: 0, PING: 47, SEC: 206304, COMM:
| Group 2 (CID: 720, PID: 0, PROT: 0, COMM: ): <empty>
| Group 3 (CID: 721, PID: 0, PROT: 0, COMM: ): <empty>
| Group 4 (CID: 722, PID: 0, PROT: 0, COMM: ): <empty>
| Group 5 (CID: 723, PID: 0, PROT: 0, COMM: ):
| Sir Master Win (ADMIN: 0, PHAN: 0, PING: 32, SEC: 186890, COMM:
| waterbukk (ADMIN: 0, PHAN: 0, PING: 31, SEC: 111387, COMM:
| likez (ADMIN: 0, PHAN: 0, PING: 140, SEC: 22457, COMM:
| Tweet (ADMIN: 0, PHAN: 0, PING: 140, SEC: 21009, COMM:
| Group 6 (CID: 724, PID: 0, PROT: 0, COMM: ): <empty>
| Raid (CID: 725, PID: 0, PROT: 0, COMM: ): <empty>
| Officers (CID: 726, PID: 0, PROT: 1, COMM: ): <empty>
| PG 13 (CID: 727, PID: 0, PROT: 0, COMM: ): <empty>
| Rated R (CID: 728, PID: 0, PROT: 0, COMM: ): <empty>
| Group 7 (CID: 729, PID: 0, PROT: 0, COMM: ): <empty>
| Group 8 (CID: 730, PID: 0, PROT: 0, COMM: ): <empty>
| Group 9 (CID: 731, PID: 0, PROT: 0, COMM: ): <empty>
| AFK - switch to this when AFK (CID: 732, PID: 0, PROT: 0, COMM: ):
|_ Eisennacher (ADMIN: 0, PHAN: 0, PING: 79, SEC: 181948, COMM:
Service Info: OS: WIN32
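For auditing what a server's status reply discloses, the script output in the layout shown above can be parsed into server fields, channels and connected clients. This Python is an added example, not part of Nmap or the ventrilo-info script; the function names are hypothetical, the sample is a constructed, shortened copy of the output above, and treating PROT: 1 as a flag worth listing is an assumption about that field.

```python
import re

# Constructed sample: shortened copy of the ventrilo-info output on this page.
SAMPLE = """\
9408/tcp open  ventrilo Ventrilo 3.0.3.C (voice port; name: TypeFrag.com)
| ventrilo-info:
| name: TypeFrag.com
| comment: http://www.typefrag.com/
| auth: pw
| version: 3.0.3.C
| channels:
| <top level lobby> (CID: 0, PID: n/a, PROT: n/a, COMM: n/a): <empty>
| Group 1 (CID: 719, PID: 0, PROT: 0, COMM: ):
| stabya (ADMIN: 0, PHAN: 0, PING: 47, SEC: 206304, COMM:
| Officers (CID: 726, PID: 0, PROT: 1, COMM: ): <empty>
| AFK - switch to this when AFK (CID: 732, PID: 0, PROT: 0, COMM: ):
|_ Eisennacher (ADMIN: 0, PHAN: 0, PING: 79, SEC: 181948, COMM:
"""

# Channel lines carry CID/PID/PROT; client lines carry ADMIN/PHAN/PING/SEC.
CHANNEL = re.compile(r"^(.+?) \(CID: (\d+), PID: ([^,]+), PROT: ([^,]+), COMM:")
CLIENT = re.compile(r"^(.+?) \(ADMIN: (\d+), PHAN: (\d+), PING: (\d+), SEC: (\d+), COMM:")

def parse_ventrilo_info(text):
    """Return (server_fields, channels) parsed from ventrilo-info output."""
    server, channels, in_channels = {}, [], False
    for raw in text.splitlines():
        if not raw.lstrip().startswith("|"):
            continue  # port table row, "Service Info:" line, blank lines
        line = re.sub(r"^\s*\|_?\s*", "", raw).rstrip()
        if line in ("", "ventrilo-info:"):
            continue
        if line == "channels:":
            in_channels = True
        elif not in_channels:
            key, _, value = line.partition(": ")
            server[key] = value
        elif (m := CHANNEL.match(line)):
            channels.append({"name": m[1], "cid": int(m[2]), "prot": m[4], "clients": []})
        elif (m := CLIENT.match(line)) and channels:
            channels[-1]["clients"].append({"name": m[1], "seconds": int(m[5])})
    return server, channels

def exposure_summary(text):
    """Collect the details an operator may not want published by the status port."""
    server, channels = parse_ventrilo_info(text)
    return {"version": server.get("version"), "auth": server.get("auth"),
            "client_names": [c["name"] for ch in channels for c in ch["clients"]],
            # Assumption: PROT: 1 marks a channel worth listing separately.
            "prot_flagged": [ch["name"] for ch in channels if ch["prot"] == "1"]}
```

Feed it the saved output of a scan against your own server and review `exposure_summary()` to see which user names and channel names are visible to anyone who can reach the UDP port.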
Author: Marin Maržić
License: Same as Nmap--See https://nmap.org/book/man-legal.html