Script xmpp-info

Script types: portrule
Categories: default, safe, discovery, version
Download: https://svn.nmap.org/nmap/scripts/xmpp-info.nse

Script Summary

Connects to XMPP server (port 5222) and collects server information such as: supported auth mechanisms, compression methods, whether TLS is supported and mandatory, stream management, language, support of In-Band registration, server capabilities. If possible, studies server vendor.

Script Arguments

xmpp-info.alt_server_name

If set, overwrites alternative hello name sent to the server. This name should differ from the real DNS name. It is used to find out whether the server refuses to talk if a wrong name is used. Default is ".".

xmpp-info.no_starttls

If set, disables TLS processing.

xmpp-info.server_name

If set, overwrites hello name sent to the server. It can be necessary if XMPP server's name differs from DNS name.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -sV <target>

Script Output

PORT     STATE SERVICE REASON  VERSION
5222/tcp open  jabber  syn-ack ejabberd (Protocol 1.0)
| xmpp-info:
|   Respects server name
|   info:
|     xmpp:
|       lang: en
|       version: 1.0
|     capabilities:
|       node: http://www.process-one.net/en/ejabberd/
|       ver: TQ2JFyRoSa70h2G1bpgjzuXb2sU=
|     features:
|       In-Band Registration
|     auth_mechanisms:
|       DIGEST-MD5
|       SCRAM-SHA-1
|       PLAIN
|   pre_tls:
|     features:
|_      TLS

Requires

• match
• nmap
• shortport
• stdnse
• string
• table
• xmpp

---

Author:

• Vasiliy Kulikov

License: Same as Nmap--See https://nmap.org/book/man-legal.html