{"id":23989581,"url":"https://github.com/cyberroute/rdpscan","last_synced_at":"2025-07-06T22:38:58.690Z","repository":{"id":210884152,"uuid":"727667344","full_name":"CyberRoute/rdpscan","owner":"CyberRoute","description":"Hacking the RDP protocol - Sending an incomplete CredSSP (NTLM) authentication request with null credentials will cause the remote service to respond with a NTLMSSP message disclosing information to include NetBIOS, DNS, and OS build version.","archived":false,"fork":false,"pushed_at":"2023-12-07T13:43:40.000Z","size":6,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-28T18:46:44.367Z","etag":null,"topics":["information-disclosure","nmap","nmap-scripts","rdp","scanner"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CyberRoute.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-05T10:30:38.000Z","updated_at":"2024-11-16T21:56:05.000Z","dependencies_parsed_at":"2023-12-07T14:47:13.584Z","dependency_job_id":null,"html_url":"https://github.com/CyberRoute/rdpscan","commit_stats":null,"previous_names":["cyberroute/rdpscan"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CyberRoute/rdpscan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberRoute%2Frdpscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberRoute%2Frdpscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposito
ries/CyberRoute%2Frdpscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberRoute%2Frdpscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CyberRoute","download_url":"https://codeload.github.com/CyberRoute/rdpscan/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberRoute%2Frdpscan/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263984989,"owners_count":23539769,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["information-disclosure","nmap","nmap-scripts","rdp","scanner"],"created_at":"2025-01-07T17:32:01.368Z","updated_at":"2025-07-06T22:38:58.664Z","avatar_url":"https://github.com/CyberRoute.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"## RDP Scanner\nThis Python script performs an RDP (Remote Desktop Protocol) scan on a specified IP address and port. The script utilizes the nmap tool to run two NSE (Nmap Scripting Engine) scripts: rdp-ntlm-info and rdp-enum-encryption. It then extracts relevant information, including NTLM details, and builds a Common Platform Enumeration (CPE) string. The results are saved to an output file.\n\n## Prerequisites\nEnsure that nmap is installed on your system.\n\n## Usage\n```\npython rdp_extractor.py \u003cip_address\u003e \u003cport\u003e \u003coutput_file\u003e\n\n```\n\nExample Output\n```\n(env) alessandro@xps:~/Development/rdp$ python rdp_extractor.py 207.81.231.54 3389 rep\nRDP-NTLM-Info scan successful. 
Results saved to rep\nRDP-Enum-Encryption scan successful. Results appended to rep\n(env) alessandro@xps:~/Development/rdp$ cat rep \n************ RDP-NTLM-Info Results ************\nTarget Name: OFFICE\nNetBIOS Domain Name: OFFICE\nNetBIOS Computer Name: SERVER2020-RDP\nDNS Domain Name: office.local\nDNS Computer Name: server2020-rdp.office.local\nDNS Tree Name: office.local\nProduct Version: 10.0.17763\nCPE: cpe:2.3:a:microsoft:windows:10.0.17763\n\n\n************ RDP-Enum-Encryption Results ************\nStarting Nmap 7.80 ( https://nmap.org ) at 2023-12-05 11:44 CET\nNmap scan report for d207-81-231-54.bchsia.telus.net (207.81.231.54)\nHost is up (0.29s latency).\n\nPORT     STATE SERVICE\n3389/tcp open  ms-wbt-server\n| rdp-enum-encryption: \n|   Security layer\n|     CredSSP (NLA): SUCCESS\n|     CredSSP with Early User Auth: SUCCESS\n|_    RDSTLS: SUCCESS\n\nNmap done: 1 IP address (1 host up) scanned in 7.35 seconds\n\n```\n\n# Script Components\n\n1. parse_ntlm_info(output)\nParses the output of the rdp-ntlm-info script using regular expressions.\nExtracts information such as Target Name, NetBIOS Domain Name, NetBIOS Computer Name, DNS Domain Name, DNS Computer Name, DNS Tree Name, and Product Version.\n\n2. build_cpe(ntlm_info)\nBuilds a CPE string based on the extracted NTLM information.\nUses the vendor \"Microsoft,\" product \"Windows,\" and the product version (if available).\n\n3. get_screenshot()\n[To be implemented] Function to capture an RDP screenshot.\n\n4. 
scan_rdp(ip_address, port, output_file)\nRuns the rdp-ntlm-info script using nmap.\nParses NTLM information and builds a CPE string.\nSaves the results to the specified output file.\n[Optional] Runs the rdp-enum-encryption script and appends the results to the same output file\n\n# CVE helper script\n\nWith the information gathered by the above script, it is possible to easily figure out the CPE of the relative system\neg: cpe:2.3:a:microsoft:windows:10.0.17763 is cpe:2.3:o:microsoft:windows_10:1809 \u003e this is how I figured out to query\nthe NVD database of CVEs see - https://nvd.nist.gov/products/cpe/detail/1EFCEE85-EB7B-4D97-8675-57A3A5DA72DE?namingFormat=2.3\u0026orderBy=CPEURI\u0026keyword=cpe%3A2.3%3Ao%3Amicrosoft%3Awindows_10_1809\u0026status=FINAL%2CDEPRECATED\n\n```\n(env) alessandro@xps:~/Development/rdp$ python3 cve.py -cpe \"cpe:2.3:o:microsoft:windows_10:1809\"\nCVEs for Windows version cpe:2.3:o:microsoft:windows_10:1809:\nCVE-2013-3900\nCVE-2015-6184\nCVE-2016-0088\nCVE-2016-0089\nCVE-2016-0090\nCVE-2015-8823\nCVE-2016-0168\nCVE-2016-0170\nCVE-2016-0171\nCVE-2016-0173\nCVE-2016-0174\nCVE-2016-0175\nCVE-2016-0176\nCVE-2016-0179\nCVE-2016-0180\nCVE-2016-0196\nCVE-2016-0197\nCVE-2016-3215\nCVE-2016-4171\nCVE-2016-8008\n\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberroute%2Frdpscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberroute%2Frdpscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberroute%2Frdpscan/lists"}