Nmap broadcast-avahi-dos NSE Script

Script Overview

---

Script source code: https://github.com/nmap/nmap/tree/master/scripts/broadcast-avahi-dos.nse
Script categories: broadcast, dos, intrusive, vuln
Target service / protocol: -
Target network port(s): -
List of CVEs: CVE-2011-1002

Script Description

---

The broadcast-avahi-dos.nse script attempts to discover hosts in the local network using the DNS Service Discovery protocol and sends a NULL UDP packet to each host to test if it is vulnerable to the Avahi NULL UDP packet denial of service (CVE-2011-1002).

The broadcast-avahi-dos.wait script argument specifies how many number of seconds to wait before a new attempt of host discovery. Each host who does not respond to this second attempt will be considered vulnerable.

Reference:

• http://avahi.org/ticket/325
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002

Broadcast-avahi-dos NSE Script Arguments

---

This is a full list of arguments supported by the broadcast-avahi-dos.nse script:

broadcast-avahi-dos.wait

Wait time in seconds before executing the check, the default value is 20 seconds.

max-newtargets

Sets the number of the maximum allowed new targets. If set to 0 or less then there is no limit. The default value is 0.

newtargets

If specified, lets NSE scripts add new targets.

- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:

nmap --script=broadcast-avahi-dos --script-args broadcast-avahi-dos.wait=value,max-newtargets=value <target>

Broadcast-avahi-dos NSE Script Example Usage

---

Here's an example of how to use the broadcast-avahi-dos.nse script:

nmap --script=broadcast-avahi-dos

Broadcast-avahi-dos NSE Script Example Output

---

Here's a sample output from the broadcast-avahi-dos.nse script:

| broadcast-avahi-dos:
|   Discovered hosts:
|     10.0.1.150
|     10.0.1.151
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|   Hosts that seem down (vulnerable):
|_    10.0.1.151

Broadcast-avahi-dos NSE Script Example XML Output

---

There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce a XML output and save it in the file.xml file.

Author

---

• Djalal Harouni

References

---

• https://nmap.org/nsedoc/scripts/broadcast-avahi-dos.html
• https://github.com/nmap/nmap/tree/master/scripts/broadcast-avahi-dos.nse
• http://avahi.org/ticket/325
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002

See Also

---

Related NSE scripts to the broadcast-avahi-dos.nse script:

• broadcast-ataoe-discover.nse
• broadcast-bjnp-discover.nse
• broadcast-db2-discover.nse
• broadcast-dhcp6-discover.nse
• broadcast-dhcp-discover.nse
• broadcast-dns-service-discovery.nse
• broadcast-dropbox-listener.nse
• broadcast-eigrp-discovery.nse
• broadcast-hid-discoveryd.nse
• broadcast-igmp-discovery.nse
• broadcast-jenkins-discover.nse
• broadcast-listener.nse
• broadcast-ms-sql-discover.nse
• broadcast-netbios-master-browser.nse
• broadcast-networker-discover.nse
• broadcast-novell-locate.nse
• broadcast-ospf2-discover.nse
• broadcast-pc-anywhere.nse
• broadcast-pc-duo.nse
• broadcast-pim-discovery.nse
• broadcast-ping.nse
• broadcast-pppoe-discover.nse
• broadcast-rip-discover.nse
• broadcast-ripng-discover.nse
• broadcast-sonicwall-discover.nse
• broadcast-sybase-asa-discover.nse
• broadcast-tellstick-discover.nse
• broadcast-upnp-info.nse
• broadcast-versant-locate.nse
• broadcast-wake-on-lan.nse
• broadcast-wpad-discover.nse
• broadcast-wsdd-discover.nse
• broadcast-xdmcp-discover.nse

Visit Nmap NSE Library for more scripts.