nmap/scripts/riak-http-info.nse

local http = require "http"
local json = require "json"
local shortport = require "shortport"
local stdnse = require "stdnse"
local tab = require "tab"

description = [[
Retrieves information (such as node name and architecture) from a Basho Riak distributed database using the HTTP protocol.
]]

---
-- @usage
-- nmap -p 8098 <ip> --script riak-http-info
--
-- @output
-- PORT     STATE SERVICE
-- 8098/tcp open  http
-- | riak-http-info: 
-- |   Node name                  riak@127.0.0.1
-- |   Architecture               x86_64-unknown-linux-gnu
-- |   Storage backend            riak_kv_bitcask_backend
-- |   Total Memory               516550656
-- |   Crypto version             2.0.3
-- |   Skerl version              1.1.0
-- |   OS mon. version            2.2.6
-- |   Basho version              1.0.1
-- |   Lager version              0.9.4
-- |   Cluster info version       1.2.0
-- |   Luke version               0.2.4
-- |   SASL version               2.1.9.4
-- |   System driver version      1.5
-- |   Bitcask version            1.3.0
-- |   Riak search version        1.0.2
-- |   Riak kernel version        2.14.4
-- |   Riak stdlib version        1.17.4
-- |   Basho metrics version      1.0.0
-- |   WebMachine version         1.9.0
-- |   Public key version         0.12
-- |   Riak vore version          1.0.2
-- |   Riak pipe version          1.0.2
-- |   Runtime tools version      1.8.5
-- |   SSL version                4.1.5
-- |   MochiWeb version           1.5.1
-- |   Erlang JavaScript version  1.0.0
-- |   Riak kv version            1.0.2
-- |   Luwak version              1.1.2
-- |   Merge index version        1.0.1
-- |   Inets version              5.6
-- |_  Riak sysmon version        1.0.0
--

author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}


portrule = shortport.port_or_service(8098, "http")

local filter = {
	["sys_system_architecture"] = { name = "Architecture" },
	["mem_total"] = { name = "Total Memory" },
	["crypto_version"] = { name = "Crypto version" },
	["skerl_version"] = { name = "Skerl version" },
	["os_mon_version"] = { name = "OS mon. version" },
	["nodename"] = { name = "Node name" },
	["basho_stats_version"] = { name = "Basho version" },
	["lager_version"] = { name = "Lager version" },
	["cluster_info_version"] = { name = "Cluster info version" },
	["luke_version"] = { name = "Luke version" },
	["sasl_version"] = { name = "SASL version" },
	["sys_driver_version"] = { name = "System driver version" },
	["bitcask_version"] = { name = "Bitcask version" },
	["riak_search_version"] = { name = "Riak search version" },
	["kernel_version"] = { name = "Riak kernel version" }, 
	["stdlib_version"] = { name = "Riak stdlib version" },
	["basho_metrics_version"] = { name = "Basho metrics version" },
	["webmachine_version"] = { name = "WebMachine version" },
	["public_key_version"] = { name = "Public key version" },
	["riak_core_version"] = { name = "Riak vore version" },
	["riak_pipe_version"] = { name = "Riak pipe version" },
	["runtime_tools_version"] = { name = "Runtime tools version" },
	["ssl_version"] = { name = "SSL version" },
	["mochiweb_version"] = { name = "MochiWeb version"},
	["erlang_js_version"] = { name = "Erlang JavaScript version" },
	["riak_kv_version"] = { name = "Riak kv version" },
	["luwak_version"] = { name = "Luwak version"},
	["merge_index_version"] = { name = "Merge index version" },
	["inets_version"] = { name = "Inets version" },
	["storage_backend"] = { name = "Storage backend" },
	["riak_sysmon_version"] = { name = "Riak sysmon version" },
}

local order = {
	"nodename", "sys_system_architecture", "storage_backend", "mem_total", 
	"crypto_version", "skerl_version", "os_mon_version", "basho_stats_version",
	"lager_version", "cluster_info_version",	"luke_version",	"sasl_version",
	"sys_driver_version", "bitcask_version", "riak_search_version",
	"kernel_version", "stdlib_version",	"basho_metrics_version",
	"webmachine_version", "public_key_version",	"riak_core_version",
	"riak_pipe_version", "runtime_tools_version", "ssl_version",
	"mochiweb_version",	"erlang_js_version", "riak_kv_version",
	"luwak_version", "merge_index_version",	"inets_version", "riak_sysmon_version"
}


local function fail(err) return ("\n  ERROR: %s"):format(err) end

action = function(host, port)

	local response = http.get(host, port, "/stats")
	
	if ( not(response) or response.status ~= 200 ) then
		return
	end
	
	-- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
	local _, http_status, _ = http.identify_404(host,port)
	if ( http_status == 200 ) then
		stdnse.print_debug(1, "%s: Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", SCRIPT_NAME, host.ip, port.number)
		return false
	end
  
	-- Silently abort if the server responds as anything different than
	-- MochiWeb
	if ( response.header['server'] and
		 not(response.header['server']:match("MochiWeb")) ) then
		return
	end
	
	local status, parsed = json.parse(response.body)
	if ( not(status) ) then
		return fail("Failed to parse response")
	end
	
	local result = tab.new(2)
	for _, item in ipairs(order) do
		if ( parsed[item] ) then
			local name = filter[item].name
			local val = ( filter[item].func and filter[item].func(parsed[item]) or parsed[item] )
			tab.addrow(result, name, val)
		end
	end
	return stdnse.format_output(true, tab.dump(result))

end