Nmap rpc-grind NSE Script


This page contains detailed information about how to use the rpc-grind NSE script. For the list of all NSE scripts, visit the Nmap NSE Library.


Script Overview


Script source code: https://github.com/nmap/nmap/tree/master/scripts/rpc-grind.nse
Script categories: version
Target service / protocol: rpcbind
Target network port(s): any
List of CVEs: -

Script Description


The rpc-grind.nse script fingerprints the target RPC port to extract the target service, RPC number and version.

The script works by sending RPC Null call requests with a random, high, unsupported version number to the target service, iterating over the RPC program numbers from the nmap-rpc file, and checking for replies from the target port. A reply with RPC accept state 2 (remote can't support version) means that the request carried the matching program number, and the script proceeds to extract the supported versions. A reply with RPC accept state 1 (remote hasn't exported program) means that the request carried an incorrect program number. Any other accept state is incorrect behaviour.
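The reply handling described above, written out as an added Python example (not code from rpc-grind.nse). It assumes UDP transport, so there is no record-marking header, and follows the ONC RPC v2 message layout of RFC 5531; the function names, XID, probe version and sample replies are constructed for illustration, and program number 100008 is the one from the sample output on this page.

```python
import struct

CALL, REPLY = 0, 1
MSG_ACCEPTED = 0
PROG_UNAVAIL, PROG_MISMATCH = 1, 2      # the two accept states the page describes

def build_null_call(xid, program, version):
    """ONC RPC v2 call of procedure 0 (NULL) with AUTH_NONE credential and verifier."""
    # xid, msg_type, rpcvers, prog, vers, proc, cred(flavor, len), verf(flavor, len)
    return struct.pack(">10I", xid, CALL, 2, program, version, 0, 0, 0, 0, 0)

def classify_reply(data, xid):
    """Return (verdict, low_version, high_version) for one UDP RPC reply."""
    if len(data) < 20:
        return ("malformed", None, None)
    r_xid, msg_type, reply_stat = struct.unpack_from(">3I", data, 0)
    if r_xid != xid or msg_type != REPLY:
        return ("not-our-reply", None, None)
    if reply_stat != MSG_ACCEPTED:
        return ("denied", None, None)
    # Skip the verifier: flavor, length, then the body padded to 4 bytes.
    _flavor, verf_len = struct.unpack_from(">2I", data, 12)
    off = 20 + ((verf_len + 3) & ~3)
    if len(data) < off + 4:
        return ("malformed", None, None)
    (accept_stat,) = struct.unpack_from(">I", data, off)
    if accept_stat == PROG_UNAVAIL:      # state 1: wrong program number
        return ("wrong-program", None, None)
    if accept_stat == PROG_MISMATCH:     # state 2: program matched, versions follow
        if len(data) < off + 12:
            return ("malformed", None, None)
        low, high = struct.unpack_from(">2I", data, off + 4)
        return ("program-match", low, high)
    return ("unexpected", None, None)    # any other accept state

# Constructed sample data (not captured traffic).
XID = 0x1234ABCD
PROBE_VERSION = 0xFFFF0001               # stand-in for the random high version
SAMPLE_CALL = build_null_call(XID, 100008, PROBE_VERSION)
SAMPLE_MISMATCH = struct.pack(">8I", XID, REPLY, MSG_ACCEPTED, 0, 0, PROG_MISMATCH, 1, 1)
SAMPLE_UNAVAIL = struct.pack(">6I", XID, REPLY, MSG_ACCEPTED, 0, 0, PROG_UNAVAIL)
SAMPLE_SUCCESS = struct.pack(">6I", XID, REPLY, MSG_ACCEPTED, 0, 0, 0)

if __name__ == "__main__":
    for name, pkt in [("mismatch", SAMPLE_MISMATCH), ("unavail", SAMPLE_UNAVAIL),
                      ("success", SAMPLE_SUCCESS)]:
        print(name, classify_reply(pkt, XID))
```

The same classification applies when reading a packet capture: a burst of NULL calls from one source that differ only in program number, answered mostly with accept state 1, is the pattern this script produces.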

Rpc-grind NSE Script Arguments


This is a full list of arguments supported by the rpc-grind.nse script:

rpc-grind.threads

Number of grinding threads. Defaults to 4.

To use this script argument, add it to the Nmap command line as in this example:

nmap --script=rpc-grind --script-args rpc-grind.threads=value <target>

Rpc-grind NSE Script Example Usage


Here's an example of how to use the rpc-grind.nse script:

nmap -sV <target>

nmap --script rpc-grind <target>

nmap --script rpc-grind --script-args 'rpc-grind.threads=8' -p <targetport> <target>

Rpc-grind NSE Script Example Output


Here's a sample output from the rpc-grind.nse script:

PORT      STATE SERVICE VERSION
53344/udp open  walld   1 (RPC #100008)

Rpc-grind NSE Script Example XML Output


There is no sample XML output for this module. However, if you provide the -oX <file> option, Nmap will produce XML output and save it in the specified file.

Author


  • Hani Benhabiles


The rpc-grind.nse script may fail with the following error messages. Check for the possible causes using the code snippets below, taken from the script source code. This can often help in identifying the root cause of the problem.

Could not find nmap-rpc file.


Here is a relevant code snippet related to the "Could not find nmap-rpc file." error message:

-- @return number RPC number of the matching service name.
local rpcIterator = function()
  -- Check if nmap-rpc file is present.
  local path = nmap.fetchfile("nmap-rpc")
  if not path then
    stdnse.debug1("Could not find nmap-rpc file.")
    return false
  end

  -- And is readable
  local nmaprpc, _, _ = io.open( path, "r" )

Could not open nmap-rpc for reading.


Here is a relevant code snippet related to the "Could not open nmap-rpc for reading." error message:

  end

  -- And is readable
  local nmaprpc, _, _ = io.open( path, "r" )
  if not nmaprpc then
    stdnse.debug1("Could not open nmap-rpc for reading.")
    return false
  end

  return function()
    while true do

Version


This page has been created based on Nmap version 7.92.
