Nmap Development mailing list archives

addition to -sV service detection switch


From: Cemil Degirmenci <cd () wavecon de>
Date: Sat, 27 Mar 2004 04:44:58 +0100

Hello,

I just had some ideas to enhance the -sV switch.

I will make an example for dns here:

On most DNS servers it is possible to get the version by querying the chaos txt version.bind record like this:

cemil@fusie:~$ host -c chaos -t txt version.bind ns1.wavecon.de
Version.bind text "Served by POWERDNS 2.9.15 $Id: packethandler.cc,v 1.22 2004/01/17 13:18:22 ahu Exp $"

Experience shows that this query is right in 98% of all cases (no, this is not a representative value - I just appraise it ;-) )


The same thing could be done with HTTP (query "HEAD / HTTP/1.0" and do some regexp).

After a look at the nmap-service-probes file I saw that it seems not to fit into the existing system... So - what do you think of that? Does it make sense? Or should there be a switch of its own like "-svV" :)


--
Mit freundlichen Gruessen / kind regards,

Cemil Degirmenci

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
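
The version.bind lookup described in the message above, shown at the wire level as an added example that is not part of the original post or of Nmap: it builds the CHAOS-class TXT query and extracts the version string from a reply, returning nothing when the server refuses or the reply is malformed. The function names, the transaction id and the reply bytes are constructed for illustration; the banner text is modelled on the host output quoted in the post.

```python
import struct

def build_version_bind_query(txid=0x1234):
    """DNS query for version.bind, type TXT (16), class CHAOS (3)."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l for l in (b"version", b"bind")) + b"\x00"
    return header + qname + struct.pack(">HH", 16, 3)

def skip_name(msg, off):
    # Return the offset just past a name; a compression pointer ends it.
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def parse_version_bind(msg, txid=0x1234):
    """TXT strings from CH/TXT answers; [] if refused, empty or malformed."""
    try:
        rid, flags, qd, an, _, _ = struct.unpack_from(">HHHHHH", msg, 0)
        if rid != txid or not flags & 0x8000 or flags & 0x000F:
            return []  # wrong id, not a response, or non-zero RCODE
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
        out = []
        for _ in range(an):
            off = skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack_from(">HHIH", msg, off)
            rdata = msg[off + 10:off + 10 + rdlen]
            off += 10 + rdlen
            i = 0  # TXT rdata is a run of length-prefixed strings
            while (rtype, rclass) == (16, 3) and i < len(rdata):
                out.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
                i += 1 + rdata[i]
        return out
    except (struct.error, IndexError):
        return []

def constructed_response(text, rcode=0):
    """Constructed sample reply (not captured traffic) to the query above."""
    hdr = struct.pack(">HHHHHH", 0x1234, 0x8400 | rcode, 1, 1 if rcode == 0 else 0, 0, 0)
    body = build_version_bind_query()[12:]
    if rcode == 0:
        txt = bytes([len(text)]) + text
        body += b"\xc0\x0c" + struct.pack(">HHIH", 16, 3, 0, len(txt)) + txt
    return hdr + body
```

A reply with RCODE 5 (refused) or an empty answer section yields an empty list, which is what a server configured to hide its version returns to this query.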


