https://github.com/chanakayaa/rdp-mitm-detection-script
Nmap script designed to check if an RDP (Remote Desktop Protocol) server is vulnerable to Man-in-the-Middle (MITM) attacks. The script detects weak encryption configurations or the absence of Network Level Authentication (NLA) in RDP servers.
https://github.com/chanakayaa/rdp-mitm-detection-script
lua-script nmap nmap-scan-script nmap-scripts
Last synced: 3 months ago
JSON representation
Nmap script designed to check if an RDP (Remote Desktop Protocol) server is vulnerable to Man-in-the-Middle (MITM) attacks. The script detects weak encryption configurations or the absence of Network Level Authentication (NLA) in RDP servers.
- Host: GitHub
- URL: https://github.com/chanakayaa/rdp-mitm-detection-script
- Owner: chanakayaa
- Created: 2024-09-17T16:23:26.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2024-09-17T16:25:47.000Z (9 months ago)
- Last Synced: 2025-01-13T08:30:55.415Z (5 months ago)
- Topics: lua-script, nmap, nmap-scan-script, nmap-scripts
- Language: Lua
- Homepage:
- Size: 3.91 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
Here's a complete README for your RDP MITM Detection Script repository:
---
# RDP MITM Detection Script
This repository contains an Nmap script designed to check if an RDP (Remote Desktop Protocol) server is vulnerable to Man-in-the-Middle (MITM) attacks. The script detects weak encryption configurations or the absence of Network Level Authentication (NLA) in RDP servers.
## Description
The RDP MITM Detection Script performs the following tasks:
- Checks if the RDP server is vulnerable to MITM attacks.
- Detects weak encryption configurations or missing NLA by initiating an RDP connection and analyzing the server's response.
## Features
- **Detect Weak Encryption**: Identifies if the RDP server supports weak encryption algorithms.
- **Check NLA Status**: Determines if Network Level Authentication is enabled or missing.
- **Automated Detection**: Integrates with Nmap to automate the detection process.
## Prerequisites
- **Nmap**: The script is designed to be used with Nmap. Ensure Nmap is installed and properly configured on your system.
## Installation
1. **Clone the repository:**
```bash
git clone https://github.com/yourusername/rdp-mitm-detection.git
cd rdp-mitm-detection
```
2. **Add the Script to Nmap's Script Directory:**
Copy the script to Nmap's script directory, typically found at `/usr/share/nmap/scripts/` on Linux systems or `C:\Program Files (x86)\Nmap\scripts\` on Windows.
```bash
sudo cp rdp_mitm_detection.nse /usr/share/nmap/scripts/
```
3. **Update Nmap Script Database:**
Update the Nmap script database to include the new script.
```bash
sudo nmap --script-updatedb
```
## Usage
To use the script, run Nmap with the `--script` option and specify the target. For example:
```bash
nmap -p 3389 --script rdp_mitm_detection
```
- Replace `` with the IP address of the RDP server you want to scan.
## Script Details
- **Script Name**: `rdp_mitm_detection.nse`
- **Author**: Your Name
- **License**: Same as Nmap - see [Nmap License](https://nmap.org/book/man-legal.html)
- **Categories**: `safe`, `discovery`
## Contributing
Contributions are welcome! If you have any improvements or bug fixes, feel free to submit a pull request or open an issue.
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
---