Merge pull request #10443 from projectdiscovery/pussycat0x-patch-10

Create db2-discover.yaml
main
Dhiyaneshwaran 2024-08-02 18:12:01 +05:30 committed by GitHub
commit d31c0cd255
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 58 additions and 0 deletions


@ -0,0 +1,58 @@
id: db2-discover
info:
name: Broadcast DB2 Discover
author: pussycat0x
severity: info
description: |
Attempts to discover DB2 servers on the network by sending a broadcast request to port 523/udp.
reference:
- https://nmap.org/nsedoc/scripts/broadcast-db2-discover.html
metadata:
shodan-query: port:523
verified: true
max-request: 1
tags: ibm,network,js,udp
javascript:
- pre-condition: |
isUDPPortOpen(Host,Port);
code: |
let packet = bytes.NewBuffer();
const c = require("nuclei/net");
const cmd = "DB2GETADDR\0SQL09010\0"
packet.WriteString(cmd)
let conn = c.Open('udp', `${Host}:${Port}`);
conn.SendHex(packet.Hex());
const result = conn.RecvString()
const cleanedString = result.replace(/\x00/g, '');
let combinedResult;
if (cleanedString.includes("DB2RETADDRSQL")) {
const regex = /^DB2RETADDRSQL(\d{2})(\d{2})(\d{1})(.*)$/;
const matches = cleanedString.match(regex);
const formattedNumber = matches ? `${matches[1]}.${matches[2]}.${matches[3]}` : '';
const hostname = matches ? matches[4] : '';
combinedResult = `Db2 Version: ${formattedNumber}, Hostname: ${hostname}`;
} else {
conn.Close();
}
combinedResult;
args:
Host: "{{Host}}"
Port: 523
matchers:
- type: dsl
dsl:
- "success == true"
extractors:
- type: dsl
dsl:
- response
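Review bot: The UDP connection is closed only in the `else` branch, so on the path where a `DB2RETADDRSQL` reply is parsed `conn` is never closed; calling `conn.Close();` once, directly after `const result = conn.RecvString()`, would cover both paths. The `includes("DB2RETADDRSQL")` gate is also looser than the `^`-anchored regex that follows it: a reply that contains the marker but does not match the pattern leaves `matches` null, and the script still returns `Db2 Version: , Hostname: `, which presumably satisfies `success == true` and reports a hit with empty fields. Running the regex first and testing `if (matches)` instead of `includes` would keep the matcher and the extracted data consistent. The hostname is copied verbatim from whatever answers on 523/udp, so anything consuming the extracted `response` should treat it as untrusted text.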