Nmap vnc-title NSE Script


This page contains detailed information about how to use the vnc-title NSE script. For list of all NSE scripts, visit the Nmap NSE Library.

Select:
Overview
Error Messages

Script Overview

Script source code: https://github.com/nmap/nmap/tree/master/scripts/vnc-title.nse
Script categories: intrusive, discovery
Target service / protocol: vnc, tcp
Target network port(s): 5900, 5901, 5902
List of CVEs: -

Script Description

The vnc-title.nse script tries to log into a VNC server and get its desktop name. Uses credentials discovered by vnc-brute, or None authentication types. If realvnc-auth-bypass was run and returned VULNERABLE, this script will use that vulnerability to bypass authentication.

Vnc-title NSE Script Arguments

This is a full list of arguments supported by the vnc-title.nse script:

creds.global

Credentials to be returned by Credentials.getCredentials regardless of the service.

creds.[service]

Credentials to be returned by Credentials.getCredentials for [service]. E.g. creds.http=admin:password

- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:

nmap --script=vnc-title --script-args creds.global=value,creds.\[service]=value <target>

Vnc-title NSE Script Example Usage

Here's an example of how to use the vnc-title.nse script:

nmap --script=vnc-title <target>

Vnc-title NSE Script Example Output

Here's a sample output from the vnc-title.nse script:

| vnc-title:
|   name: LibVNCServer
|   geometry: 800 x 600
|_  color_depth: 24

Vnc-title NSE Script Example XML Output

Here's a sample XML output from the vnc-title.nse script produced by providing the -oX <file> Nmap option:

 <elem key="name">QEMU (instance-00000002)</elem>
 <elem key="geometry">1024 x 768</elem>
 <elem key="color_depth">24</elem>

Author

  • Daniel Miller

References

See Also

Related NSE scripts to the vnc-title.nse script:

Visit Nmap NSE Library for more scripts.

The vnc-title.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.

RealVNC Auth Bypass failed.

Here is a relevant code snippet related to the "RealVNC Auth Bypass failed." error message:

56:	    v:sendSecType(vnc.VNC.sectypes.NONE)
57:	    status, data = v:login_none()
58:	    if status then
59:	      status, data = v:client_init(true)
60:	      if not status then
61:	        stdnse.debug1("RealVNC Auth Bypass failed.")
62:	      end
63:	    end
64:	    if not status then
65:	      -- clean up and start over
66:	      v:disconnect()

Couldn't log in: %s

Here is a relevant code snippet related to the "Couldn't log in: %s" error message:

87:	      --worth trying a None-type login
88:	      stdnse.debug1("Trying empty creds, for None security type")
89:	      status, data = v:login("", "")
90:	    end
91:	    if not status then
92:	      return fail(("Couldn't log in: %s"):format(data))
93:	    end
94:	    status, data = v:client_init(true)
95:	  end
96:	  if status then
97:	    local out = stdnse.output_table()

Version

This page has been created based on Nmap version 7.92.

Go back to menu.