RPC Scan

Tool to communicate with RPC services and check misconfigurations on NFS shares

This tool currently has the following features:

• Listing RPC services using portmap

• Listing mountpoints on hosts using mount service

• Perform recursive listing on NFS share

• List a directory accessible via NFS

• Download a file accessible via NFS

Listing RPC services

rpc-scan.py <host/host_range> --rpc

Listing mountpoints

rpc-scan.py <host/host_range> --mounts

Recursing listing of NFS shares

rpc-scan.py <host/host_range> --nfs --recurse 3

nfs-ls.py

nfs-ls.py nfs://<host>/directory/path

nfs-get.py

nfs-get.py nfs://<host>/file/path.txt -d output_name.txt

Sample command :

python3 rpc-scan.py [Target IP address] --rpc