RPCScan

Tool to communicate with RPC services and check misconfigurations on NFS shares

This tool currently has the following features:

Listing RPC services using portmap
Listing mountpoints on hosts using mount service
Perform recursive listing on NFS share
List a directory accessible via NFS
Download a file accessible via NFS

RPCScan Usage

If the 'insecure' paramater is not set on the NFS server configuration, it will be necessary to run the script as root because the NFS server will check whether the incomming communication comes from a source port <= 1024 when connecting with uid=0 (root).

rpc-scan.py

Listing RPC services

rpc-scan.py <host/host_range> --rpc

Listing mountpoints

rpc-scan.py <host/host_range> --mounts

Recursing listing of NFS shares

rpc-scan.py <host/host_range> --nfs --recurse 3

nfs-ls.py

nfs-ls.py nfs://<host>/directory/path

nfs-get.py

nfs-get.py nfs://<host>/file/path.txt -d output_name.txt

Dependencies

python3
argparse

Misc

The rpc_names.csv file is taken from the IANA website: https://www.iana.org/assignments/rpc-program-numbers/rpc-program-numbers.xhtml

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
lib		lib
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
nfs-get.py		nfs-get.py
nfs-ls.py		nfs-ls.py
rpc-scan.py		rpc-scan.py
rpc_names.csv		rpc_names.csv

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

RPCScan

RPCScan Usage

rpc-scan.py

Listing RPC services

Listing mountpoints

Recursing listing of NFS shares

nfs-ls.py

nfs-get.py

Dependencies

Misc

About

Releases

Packages

Languages

License

hegusung/RPCScan

Folders and files

Latest commit

History

Repository files navigation

RPCScan

RPCScan Usage

rpc-scan.py

Listing RPC services

Listing mountpoints

Recursing listing of NFS shares

nfs-ls.py

nfs-get.py

Dependencies

Misc

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages