Nmap vnc-title NSE Script
This page contains detailed information about how to use the vnc-title NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
Select: |
---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/vnc-title.nse
Script categories: intrusive, discovery
Target service / protocol: vnc, tcp
Target network port(s): 5900, 5901, 5902
List of CVEs: -
Script Description
The vnc-title.nse script tries to log into a VNC server and get its desktop name. Uses credentials
discovered by vnc-brute, or None authentication types. If
realvnc-auth-bypass
was run and returned VULNERABLE, this script
will use that vulnerability to bypass authentication.
Vnc-title NSE Script Arguments
This is a full list of arguments supported by the vnc-title.nse script:
creds.globalCredentials to be returned by Credentials.getCredentials regardless of the service.
creds.[service]Credentials to be returned by Credentials.getCredentials for [service]. E.g. creds.http=admin:password
- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..]
syntax. For example:
nmap --script=vnc-title --script-args creds.global=value,creds.\[service]=value <target>
Vnc-title NSE Script Example Usage
Here's an example of how to use the vnc-title.nse script:
nmap --script=vnc-title <target>
Vnc-title NSE Script Example Output
Here's a sample output from the vnc-title.nse script:
| vnc-title:
| name: LibVNCServer
| geometry: 800 x 600
|_ color_depth: 24
Vnc-title NSE Script Example XML Output
Here's a sample XML output from the vnc-title.nse script produced by providing the -oX <file>
Nmap option:
<elem key="name">QEMU (instance-00000002)</elem>
<elem key="geometry">1024 x 768</elem>
<elem key="color_depth">24</elem>
Author
- Daniel Miller
References
- https://nmap.org/nsedoc/scripts/vnc-title.html
- https://github.com/nmap/nmap/tree/master/scripts/vnc-title.nse
See Also
Related NSE scripts to the vnc-title.nse script:
Visit Nmap NSE Library for more scripts.
The vnc-title.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
RealVNC Auth Bypass failed.
Here is a relevant code snippet related to the "RealVNC Auth Bypass failed." error message:
56: v:sendSecType(vnc.VNC.sectypes.NONE)
57: status, data = v:login_none()
58: if status then
59: status, data = v:client_init(true)
60: if not status then
61: stdnse.debug1("RealVNC Auth Bypass failed.")
62: end
63: end
64: if not status then
65: -- clean up and start over
66: v:disconnect()
Couldn't log in: %s
Here is a relevant code snippet related to the "Couldn't log in: %s" error message:
87: --worth trying a None-type login
88: stdnse.debug1("Trying empty creds, for None security type")
89: status, data = v:login("", "")
90: end
91: if not status then
92: return fail(("Couldn't log in: %s"):format(data))
93: end
94: status, data = v:client_init(true)
95: end
96: if status then
97: local out = stdnse.output_table()
Version
This page has been created based on Nmap version 7.92.
Go back to menu.