net.tcp prober

nettcpsprobe.py

import socket,struct,sys
if len(sys.argv)<3:
	print "Usage %s <host> <port> [Service]" % sys.argv[0]
	exit(-1)
DEBUG=0
if len(sys.argv)==4:
	svcname=sys.argv[3]
else:
	svcname="service-probe:8080/nonexistant"
svcname="net.tcp://"+svcname
vector="\x00\x01\x00\x01\x02\x02"
vector+=struct.pack('B',len(svcname))
vector+=svcname
# vector+="net.tcp://192.168.61.135:8080/ChatServicp"
vector+="\x03\x08\t\x15application/negotiate"
# print vector
# vector+="\t\x15application/negotiate"

s=socket.create_connection((sys.argv[1], int(sys.argv[2])),6)
s.send(vector)
data=s.recv(1024)
if data=="\x0a":
	print "%s:%s has a net.tcp service AND the service name matches!" % (sys.argv[1],sys.argv[2])
elif data.find("http://schemas.microsoft.com/ws/2006/05/framing/faults/EndpointNotFound")>-1:
	print "%s:%s has a net.tcp service" % (sys.argv[1],sys.argv[2])
elif data.find("http://schemas.microsoft.com/ws/2006/05/framing/faults/UpgradeInvalid")>-1:
	print "%s:%s has the %s net.tcp service BUT security mismatch" % (sys.argv[1],sys.argv[2],svcname)
else:
	print "%s:%s DOES NOT have a net.tcp service" % (sys.argv[1],sys.argv[2])

if DEBUG:
	print "Reply: %s\n%s" %(data,data.encode("hex"))