Didier Stevens

Thursday 5 July 2012

Nmap McAfee ePO Agent Script

Filed under: My Software,Networking — Didier Stevens @ 19:13

I’ve worked together with Daniel Miller (@bonsaiviking) on an Nmap version script to identify the McAfee ePO Agent. By default, this agent listens on port 8081 and replies to HTTP requests.

You can find the script here on the nmap site.

8081/tcp  open  http    McAfee ePolicy Orchestrator Agent (ePOServerName: EPOSERVER, AgentGuid: D2E157F4-B917-4D31-BEF0-32074BADF081)
Service Info: Host: TESTSERVER


  1. Is there any particular reason why you would be looking for ePO? We use ePO where I work and I’m worried now that there might some unadressed vulnerability …

    Comment by gdvissch — Wednesday 12 September 2012 @ 9:24

  2. @gdvissch Actually, I’m using it to find machines without ePO and which should have ePO.

    Comment by Didier Stevens — Wednesday 12 September 2012 @ 12:38

  3. Thanks for the update Didier as well as for the great articles you publish!

    Comment by gdvissch — Wednesday 12 September 2012 @ 17:13

  4. […] This new release of Nmap includes the McAfee ePO Agent Script I blogged about. […]

    Pingback by Nmap 6.25 With McAfee ePO Agent Script « Didier Stevens — Friday 30 November 2012 @ 13:04

  5. Cool – But how do you call the script? On the NMAP Script site it says you should run nmap with -sV , shouldn’t you call it with the –script? I’m using NMAP 6.01 in Backtrack 3r and it wont work.

    Comment by Torben Nielsen — Thursday 14 March 2013 @ 10:46

  6. @Torben This is a script for service fingerprinting. When you run nmap with option -sV and tcp port 8081 is open, the script will run.
    I wrote an article if you need more classic scripts that you launch wwith -script: http://www.net-security.org/dl/insecure/INSECURE-Mag-35.pdf

    Comment by Didier Stevens — Thursday 14 March 2013 @ 19:05

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.


Get every new post delivered to your Inbox.

Join 258 other followers

%d bloggers like this: