Nmap Development mailing list archives
Re: new service probes (Re: Nmap 3.51-TEST3: MAC address lookup & display)
From: Martin Mačok <martin.macok () underground cz>
Date: Mon, 5 Jul 2004 12:02:21 +0200
On Mon, Jul 05, 2004 at 01:27:25AM -0700, Fyodor wrote:
Thanks! I have applied it for the next version of Nmap (coming soon ... quite possibly before I leave for HOPE 5 on Wednesday).
Maybe I will catch you with theese :-) - new matches: Barracuda Spam firewall BMC Perform Service Daemon AIX Web-based System Manager - fixes: Kazaa sometimes uses "\r\n" and sometimes just "\n" on the first line (maybe it's version-specific? hint!) (diff against v1.38 2004/07/05) --- nmap-service-probes.orig 2004-07-05 11:44:05.000000000 +0200 +++ nmap-service-probes 2004-07-05 11:54:42.000000000 +0200 @@ -781,6 +781,8 @@ match pcp m|^\0\0\0\x14\0\0p\0\0\0..\0\0\0\0\x02\x01\0\0| v/SGI Performance Co-Pilot/// +match smtp m|^220 SPAM, we hates it.\r\n| v/Barracuda Spam firewall/// + ##############################NEXT PROBE############################## Probe TCP GenericLines q|\r\n\r\n| ports 21,23,43,98,110,113,199,505,540,628,1040,1248,1467,1501,2010,3333,5432,5555,6112,6667-6670,11965,30444 @@ -890,6 +892,8 @@ match whois m|^% No entries found for the selected source\(s\)\.\n$| v/Merit IRRD whoisd/// match zebedee m|^\x02\x01$| v/Zebedee encrypted tunnel/// +match bmc-perform-service m|^SDPACK$| v/BMC Perform Service Daemon/// + ##############################NEXT PROBE############################## Probe TCP GetRequest q|GET / HTTP/1.0\r\n\r\n| ports 70,79,80-85,88,113,139,143,280,497,515,540,554,631,783,993,995,1220,1503,2030,3052,3128,3372,3531,3689,5000,5432,5800,5900,6699,7070,8000-8010,8080-8085,8880-8888,9090,9999,10000,10005,11371,13722,15000,40193,4711 @@ -1252,7 +1256,7 @@ # Jabber 1.4.2 match jabber m|^<stream:error>Invalid XML</stream:error>$| v/Jabber instant messaging server/// -match kazaa-http m|^HTTP/1\.0 404 Not Found\r\nX-Kazaa-Username: ([-.+\w]+)\r\nX-Kazaa-Network: ([-.\w]+)\r\n| v/KaZaA P2P client//username: $1; network: $2/ +match kazaa-http m|^HTTP/1\.0 404 Not Found\(\r\)?\nX-Kazaa-Username: ([-.+\w]+)\r\nX-Kazaa-Network: ([-.\w]+)\r\n| v/KaZaA P2P client//username: $1; network: $2/ match kazaa-peerpoint m|^HTTP/1\.0 404 Not Found\n\r\n$| v/KaZaA P2P client Peer Point Manager/// match msdtc m|^...\0..$|s v/Microsoft Distributed Transaction Coordinator/// match msdtc m|^ERROR\n$|s v/Microsoft Distributed Transaction Coordinator//error/ @@ -1320,6 +1324,8 @@ match xml-rpc m|^HTTP/1\.0 400 Bad Request\r\nServer: Apache XML-RPC (\d[-.\w ]+)\r\n\r\nMethod GET not implemented \(try POST\)$| v/Apache XML-RPC/$1// +match wsmserver m|^Language received from client: GET\nSetlocale: C\n$| v/AIX Web-based System Manager/// + ##############################NEXT PROBE############################## Probe TCP HTTPOptions q|OPTIONS / HTTP/1.0\r\n\r\n| ports 80,5232,6000 Martin Mačok IT Security Consultant --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Re: new service probes (Re: Nmap 3.51-TEST3: MAC address lookup & display) Fyodor (Jul 05)
- Re: new service probes (Re: Nmap 3.51-TEST3: MAC address lookup & display) Martin Mačok (Jul 05)