diff --git a/modules/test/services/conf/module_config.json b/modules/test/services/conf/module_config.json index 375759d50..b37435eda 100644 --- a/modules/test/services/conf/module_config.json +++ b/modules/test/services/conf/module_config.json @@ -372,6 +372,22 @@ "Disable the NTP server", "Drop traffic entering port 123/udp" ] + }, + { + "name": "protocol.services.bacnet", + "test_description": "Report whether the device is running a BACnet server", + "expected_behavior": "The device may or may not be running a BACnet server", + "config": { + "services": [ + "bacnet" + ], + "ports": [ + { + "number": 47808, + "type": "udp" + } + ] + } } ] } diff --git a/modules/test/services/python/src/services_module.py b/modules/test/services/python/src/services_module.py index 56458ff64..1a783e7dc 100644 --- a/modules/test/services/python/src/services_module.py +++ b/modules/test/services/python/src/services_module.py @@ -196,10 +196,9 @@ def _process_port_results(self): self._scan_results.update(self._scan_udp_results) def _scan_tcp_ports(self): - max_port = 10000 LOGGER.info('Running nmap TCP port scan') nmap_results = util.run_command( # pylint: disable=E1120 - f'''nmap --open -sT -sV -Pn -v -p 1-{max_port} + f'''nmap --open -sT -sV -Pn -v -p 1-65535 --version-intensity 7 -T4 -oX - {self._ipv4_addr}''')[0] LOGGER.info('TCP port scan complete') @@ -225,7 +224,7 @@ def _scan_udp_ports(self): if len(ports) > 0: port_list = ','.join(ports) LOGGER.info('Running nmap UDP port scan') - LOGGER.debug('UDP ports: ' + str(port_list)) + LOGGER.info('UDP ports: ' + str(port_list)) nmap_results = util.run_command( # pylint: disable=E1120 f'nmap -sU -sV -p {port_list} -oX - {self._ipv4_addr}')[0] LOGGER.info('UDP port scan complete') @@ -421,3 +420,15 @@ def _security_ssh_version(self, config): else: return (False, f"SSH server found running {open_port_info['version']}") + + def _protocol_services_bacnet(self, config): + LOGGER.info('Running protocol.services.bacnet') + + open_ports = self._check_results(config['ports'], config['services']) + if len(open_ports) == 0: + return False, 'No BACnet server found' + else: + return ( + True, + f'''Found BACnet server running on port {', '.join(open_ports)}''' + )