Nmap nfs-ls NSE Script
This page contains detailed information about how to use the nfs-ls NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
Select: |
---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/nfs-ls.nse
Script categories: discovery, safe
Target service / protocol: rpcbind, tcp, udp
Target network port(s): 111
List of CVEs: -
Script Description
The nfs-ls.nse script attempts to get useful information about files from NFS exports.
The output is intended to resemble the output of ls
.
The script starts by enumerating and mounting the remote NFS exports. After that it performs an NFS GETATTR procedure call for each mounted point in order to get its ACLs. For each mounted directory the script will try to list its file entries with their attributes.
Since the file attributes shown in the results are the result of GETATTR, READDIRPLUS, and similar procedures, the attributes are the attributes of the local filesystem.
These access permissions are shown only with NFSv3:
- Read: Read data from file or read a directory.
- Lookup: Look up a name in a directory (no meaning for non-directory objects).
- Modify: Rewrite existing file data or modify existing directory entries.
- Extend: Write new data or add directory entries.
- Delete: Delete an existing directory entry.
- Execute: Execute file (no meaning for a directory).
Recursive listing is not implemented.
Nfs-ls NSE Script Arguments
This is a full list of arguments supported by the nfs-ls.nse script:
nfs-ls.timeSpecifies which one of the last mac times to use in the files attributes output. Possible values are:
m
: last modification time (mtime)a
: last access time (atime)c
: last change time (ctime) The default value ism
(mtime).
The NFS protocol version to use
ls.checksum(boolean) Download each file and calculate a SHA1 checksum. Although this is a module argument, the implementation is done in each script and is currently only supported by smb-ls and http-ls
ls.empty(boolean) Report empty volumes (with no information or error)
ls.errors(boolean) Report errors
ls.human(boolean) Show file sizes in human-readable format with K, M, G, T, P suffixes. Some services return human-readable sizes natively; in these cases, the size is reported as given.
ls.maxdepthThe maximum depth to recurse into a directory. If less than 0 (e.g. -1) then recursion is unlimited. (default: 0, no recursion).
ls.maxfilesThe maximum number of files to return. Set to 0 or less to disable this limit. (default: 10).
- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..]
syntax. For example:
nmap --script=nfs-ls --script-args nfs-ls.time=value,nfs.version=value <target>
Nfs-ls NSE Script Example Usage
Here's an example of how to use the nfs-ls.nse script:
nmap -p 111 --script=nfs-ls <target>
nmap -sV --script=nfs-ls <target>
Nfs-ls NSE Script Example Output
Here's a sample output from the nfs-ls.nse script:
PORT STATE SERVICE
111/tcp open rpcbind
| nfs-ls:
| Volume /mnt/nfs/files
| access: Read Lookup NoModify NoExtend NoDelete NoExecute
| PERMISSION UID GID SIZE MODIFICATION TIME FILENAME
| drwxr-xr-x 1000 100 4096 2010-06-17 12:28 /mnt/nfs/files
| drwxr--r-- 1000 1002 4096 2010-05-14 12:58 sources
| -rw------- 1000 1002 23606 2010-06-17 12:28 notes
|
| Volume /home/storage/backup
| access: Read Lookup Modify Extend Delete NoExecute
| PERMISSION UID GID SIZE MODIFICATION TIME FILENAME
| drwxr-xr-x 1000 100 4096 2010-06-11 22:31 /home/storage/backup
| -rw-r--r-- 1000 1002 0 2010-06-10 08:34 filetest
| drwx------ 1000 100 16384 2010-02-05 17:05 lost+found
| -rw-r--r-- 0 0 5 2010-06-10 11:32 rootfile
| lrwxrwxrwx 1000 1002 8 2010-06-10 08:34 symlink
|_
Nfs-ls NSE Script Example XML Output
Here's a sample XML output from the nfs-ls.nse script produced by providing the -oX <file>
Nmap option:
<table key="volumes">
<table>
<elem key="volume">/mnt/nfs/files</elem>
<table key="files">
<table>
<elem key="permission">drwxr-xr-x</elem>
<elem key="uid">1000</elem>
<elem key="gid">100</elem>
<elem key="size">4096</elem>
<elem key="time">2010-06-11 22:31</elem>
<elem key="filename">/mnt/nfs/files</elem>
</table>
<table>
<elem key="permission">-rw-r--r--</elem>
<elem key="uid">1000</elem>
<elem key="gid">1002</elem>
<elem key="size">0</elem>
<elem key="time">2010-06-10 08:34</elem>
<elem key="filename">filetest</elem>
</table>
<table>
<elem key="permission">drwx------</elem>
<elem key="uid">0</elem>
<elem key="gid">0</elem>
<elem key="size">16384</elem>
<elem key="time">2010-02-05 17:05</elem>
<elem key="filename">lost+found</elem>
</table>
<table>
<elem key="permission">-rw-r--r--</elem>
<elem key="uid">0</elem>
<elem key="gid">0</elem>
<elem key="size">5</elem>
<elem key="time">2010-06-10 11:32</elem>
<elem key="filename">rootfile</elem>
</table>
<table>
<elem key="permission">lrwxrwxrwx</elem>
<elem key="uid">1000</elem>
<elem key="gid">1002</elem>
<elem key="size">8</elem>
<elem key="time">2010-06-10 08:34</elem>
<elem key="filename">symlink</elem>
</table>
</table>
<table key="info">
<elem>access: Read Lookup NoModify NoExtend NoDelete NoExecute</elem>
</table>
</table>
</table>
<table key="total">
<elem key="files">5</elem>
<elem key="bytes">20493</elem>
</table>
Authors
- Patrik Karlsson
- Djalal Harouni
References
- https://nmap.org/nsedoc/scripts/nfs-ls.html
- https://github.com/nmap/nmap/tree/master/scripts/nfs-ls.nse
See Also
Related NSE scripts to the nfs-ls.nse script:
Visit Nmap NSE Library for more scripts.
The nfs-ls.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
ERROR attributes: %s
Here is a relevant code snippet related to the "ERROR attributes: %s" error message:
245: if v.attributes then
246: table.insert(files, v.name)
247: attrs[files[idx]] = table_attributes(nfs, v.name, v.attributes)
248: idx = idx + 1
249: else
250: stdnse.debug1("ERROR attributes: %s", v.name)
251: end
252: end
253:
254: table.sort(files)
255: for _, v in pairs(files) do
Mount error
Here is a relevant code snippet related to the "Mount error" error message:
371: status, mounts = procedures.ShowMounts(nfs_info.host)
372: if not status or mounts == nil then
373: if mounts then
374: return stdnse.format_output(false, mounts)
375: else
376: return stdnse.format_output(false, "Mount error")
377: end
378: end
379:
380: for _, v in ipairs(mounts) do
381: local err
Version
This page has been created based on Nmap version 7.92.
Go back to menu.