Nmap nfs-ls NSE Script


This page contains detailed information about how to use the nfs-ls NSE script. For list of all NSE scripts, visit the Nmap NSE Library.

Select:
Overview
Error Messages

Script Overview

Script source code: https://github.com/nmap/nmap/tree/master/scripts/nfs-ls.nse
Script categories: discovery, safe
Target service / protocol: rpcbind, tcp, udp
Target network port(s): 111
List of CVEs: -

Script Description

The nfs-ls.nse script attempts to get useful information about files from NFS exports. The output is intended to resemble the output of ls.

The script starts by enumerating and mounting the remote NFS exports. After that it performs an NFS GETATTR procedure call for each mounted point in order to get its ACLs. For each mounted directory the script will try to list its file entries with their attributes.

Since the file attributes shown in the results are the result of GETATTR, READDIRPLUS, and similar procedures, the attributes are the attributes of the local filesystem.

These access permissions are shown only with NFSv3:

  • Read: Read data from file or read a directory.
  • Lookup: Look up a name in a directory (no meaning for non-directory objects).
  • Modify: Rewrite existing file data or modify existing directory entries.
  • Extend: Write new data or add directory entries.
  • Delete: Delete an existing directory entry.
  • Execute: Execute file (no meaning for a directory).

Recursive listing is not implemented.

Nfs-ls NSE Script Arguments

This is a full list of arguments supported by the nfs-ls.nse script:

nfs-ls.time

Specifies which one of the last mac times to use in the files attributes output. Possible values are:

  • m: last modification time (mtime)
  • a: last access time (atime)
  • c: last change time (ctime) The default value is m (mtime).

nfs.version

The NFS protocol version to use

ls.checksum

(boolean) Download each file and calculate a SHA1 checksum. Although this is a module argument, the implementation is done in each script and is currently only supported by smb-ls and http-ls

ls.empty

(boolean) Report empty volumes (with no information or error)

ls.errors

(boolean) Report errors

ls.human

(boolean) Show file sizes in human-readable format with K, M, G, T, P suffixes. Some services return human-readable sizes natively; in these cases, the size is reported as given.

ls.maxdepth

The maximum depth to recurse into a directory. If less than 0 (e.g. -1) then recursion is unlimited. (default: 0, no recursion).

ls.maxfiles

The maximum number of files to return. Set to 0 or less to disable this limit. (default: 10).

- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:

nmap --script=nfs-ls --script-args nfs-ls.time=value,nfs.version=value <target>

Nfs-ls NSE Script Example Usage

Here's an example of how to use the nfs-ls.nse script:

nmap -p 111 --script=nfs-ls <target>

nmap -sV --script=nfs-ls <target>

Nfs-ls NSE Script Example Output

Here's a sample output from the nfs-ls.nse script:

PORT    STATE SERVICE
111/tcp open  rpcbind
| nfs-ls:
|   Volume /mnt/nfs/files
|   access: Read Lookup NoModify NoExtend NoDelete NoExecute
|   PERMISSION  UID   GID   SIZE     MODIFICATION TIME  FILENAME
|   drwxr-xr-x  1000  100   4096     2010-06-17 12:28   /mnt/nfs/files
|   drwxr--r--  1000  1002  4096     2010-05-14 12:58   sources
|   -rw-------  1000  1002  23606    2010-06-17 12:28   notes
|
|   Volume /home/storage/backup
|   access: Read Lookup Modify Extend Delete NoExecute
|   PERMISSION  UID   GID   SIZE     MODIFICATION TIME  FILENAME
|   drwxr-xr-x  1000  100   4096     2010-06-11 22:31   /home/storage/backup
|   -rw-r--r--  1000  1002  0        2010-06-10 08:34   filetest
|   drwx------  1000  100   16384    2010-02-05 17:05   lost+found
|   -rw-r--r--  0     0     5        2010-06-10 11:32   rootfile
|   lrwxrwxrwx  1000  1002  8        2010-06-10 08:34   symlink
|_

Nfs-ls NSE Script Example XML Output

Here's a sample XML output from the nfs-ls.nse script produced by providing the -oX <file> Nmap option:

 <table key="volumes">
   <table>
     <elem key="volume">/mnt/nfs/files</elem>
     <table key="files">
       <table>
         <elem key="permission">drwxr-xr-x</elem>
         <elem key="uid">1000</elem>
         <elem key="gid">100</elem>
         <elem key="size">4096</elem>
         <elem key="time">2010-06-11 22:31</elem>
         <elem key="filename">/mnt/nfs/files</elem>
       </table>
       <table>
         <elem key="permission">-rw-r-&#45;r-&#45;</elem>
         <elem key="uid">1000</elem>
         <elem key="gid">1002</elem>
         <elem key="size">0</elem>
         <elem key="time">2010-06-10 08:34</elem>
         <elem key="filename">filetest</elem>
       </table>
       <table>
         <elem key="permission">drwx-&#45;&#45;&#45;&#45;&#45;</elem>
         <elem key="uid">0</elem>
         <elem key="gid">0</elem>
         <elem key="size">16384</elem>
         <elem key="time">2010-02-05 17:05</elem>
         <elem key="filename">lost+found</elem>
       </table>
       <table>
         <elem key="permission">-rw-r-&#45;r-&#45;</elem>
         <elem key="uid">0</elem>
         <elem key="gid">0</elem>
         <elem key="size">5</elem>
         <elem key="time">2010-06-10 11:32</elem>
         <elem key="filename">rootfile</elem>
       </table>
       <table>
         <elem key="permission">lrwxrwxrwx</elem>
         <elem key="uid">1000</elem>
         <elem key="gid">1002</elem>
         <elem key="size">8</elem>
         <elem key="time">2010-06-10 08:34</elem>
         <elem key="filename">symlink</elem>
       </table>
     </table>
     <table key="info">
       <elem>access: Read Lookup NoModify NoExtend NoDelete NoExecute</elem>
     </table>
   </table>
 </table>
 <table key="total">
   <elem key="files">5</elem>
   <elem key="bytes">20493</elem>
 </table>

Authors

  • Patrik Karlsson
  • Djalal Harouni

References

See Also

Related NSE scripts to the nfs-ls.nse script:

Visit Nmap NSE Library for more scripts.

The nfs-ls.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.

ERROR attributes: %s

Here is a relevant code snippet related to the "ERROR attributes: %s" error message:

245:	    if v.attributes then
246:	      table.insert(files, v.name)
247:	      attrs[files[idx]] = table_attributes(nfs, v.name, v.attributes)
248:	      idx = idx + 1
249:	    else
250:	      stdnse.debug1("ERROR attributes:  %s", v.name)
251:	    end
252:	  end
253:	
254:	  table.sort(files)
255:	  for _, v in pairs(files) do

Mount error

Here is a relevant code snippet related to the "Mount error" error message:

371:	  status, mounts = procedures.ShowMounts(nfs_info.host)
372:	  if not status or mounts == nil then
373:	    if mounts then
374:	      return stdnse.format_output(false, mounts)
375:	    else
376:	      return stdnse.format_output(false, "Mount error")
377:	    end
378:	  end
379:	
380:	  for _, v in ipairs(mounts) do
381:	    local err

Version

This page has been created based on Nmap version 7.92.

Go back to menu.