Nmap Development mailing list archives
New NSE Library: "datafiles" for parsing nmap-*
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 28 Mar 2008 01:24:22 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey everyone,
You may recall that I converted Sven's rpcinfo.nse from using a huge RPC
table to reading from the nmap-rpc with nmap.fetchfile(). I figure his
script isn't the only one that will ever want to read from nmap-rpc, so
why not move it to nselib? In fact, why not add parsing functions for
other nmap-* data files as well?
I've attached the following: a "datafiles" library (name subject to
change with any suggestions), another patch against rpcinfo.nse, and a
very crude but straightforward NSE script to show how the datafiles
library behaves (a lot of output!).
The datafiles library has the following, cleverly-named functions:
parse_protocols(), parse_rpc(), and parse_services([proto]).
datafiles.parse_protocols() returns a table with the protocol numbers
indexing the protocol names. Uses nmap-protocols.
datafiles.parse_rpc() returns a table with the RPC numbers indexing the
RPC names. Uses nmap-rpc.
datafiles.parse_services([proto]) typically returns a table in the form
{tcp={}, udp{}}. tcp{} is a table with the TCP port numbers indexing
the service names. udp{} is the same, but with UDP ports and services.
You can also call this function with the specified protocol to only
return that table (e.g. datafiles.parse_services("tcp") only returns
tcp{}). Uses nmap-services.
In addition to returning the previously discussed tables, these
functions also return true/false values for exception handling. If
false is returned, an error message is returned instead of the table:
<true|false>, <table|error message> = datafiles.parse_*()
Please try it out and let me know what you think! Any comments or
suggestions are appreciated. All of this seems straightforward and
works fine for me, and hopefully it will for everyone else as well.
Thanks,
Kris Katterjohn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIVAwUBR+yPFP9K37xXYl36AQK1jg/9FUGbGXFAEu5XJHF+iUuzSJly8T65iJ8T
g1Z30Uz8sqC6icux6zt3wAIreDLb47a5fRXyZh9dovtY9VgraJkDwfpGCZyZYpRt
XAFG09iKVVrcjyYsHHeHRnG8MaAma+S9JhfAbD1KeQtRZuTokh0ki4y/X5msixZJ
Ag6YQwE5J/+VgxOI/L3/PTAXCE8JCoQXClwlgnr4HKYTJM6FrK3EQFA8R+dk+O2e
PN7UqSlSAgnLBMxeuDr1jV6RRQ/QSiTjG11eXYn4Vja/J2nCHP7jLUVUZe4blqkE
AVOr9FqkUCtV82HhniDo3cNF1kWYnGV4y4YmGAM/Iz17vgbU2jTieNh5oCNFtubn
5FXNFfOJ7Xoz6ndlzoWkbpZR4353iXX96oa/+y5jyCr7e8o53cbeZNFPaXiwbYV+
bNPWzAAApfw18LVBrR7cy3AzXkBZ2WQrVClQlUruoAbR6V4slgjm3nCn8oLbv0Xp
j5tPGZqnQtkhoRzBKL2fb59Hd+Bx8pgMYiemFtV4lWviAPJsjCviwx3Ni4Vz54r9
6Q5D0SBUuce2zyklhb6JSX8vnj1eJhQbD2gHHjYIPcBCxogLpiLlfJ6AYwkMW5Qu
4UAZlk7wVGkXpa/+dKGzd6ctgV2mHbiHKasLJHRAkbM+WSoMm7eEL7s2/du1LZDe
u8zrHwnefok=
=fGfY
-----END PGP SIGNATURE-----
-- Kris Katterjohn 03/2008
module(..., package.seeall)
require 'stdnse'
-- These tables are filled by the following fill* functions
local protocols_table = {}
local rpc_table = {}
local services_table = {tcp={}, udp={}}
-- Fills protocols_table{} with values read from nmap-protocols
local fillprotocols = function()
if #protocols_table ~= 0 then
return true
end
local path = nmap.fetchfile("nmap-protocols")
if path == nil then
return false
end
local file = io.open(path, "r")
-- Loops through Protocols file line-by-line
while true do
local l = file:read()
if not l then
break
end
l = l:gsub("%s*#.*", "")
if l:len() ~= 0 then
local m = l:gsub("^([%a%d_]+)%s+(%d+).*", "%2=%1")
if m:match("=") then
local t = stdnse.strsplit("=", m)
protocols_table[tonumber(t[1])] = t[2]
end
end
end
file:close()
return true
end
-- Fills rpc_table{} with values read from nmap-rpc
local fillrpc = function()
if #rpc_table ~= 0 then
return true
end
local path = nmap.fetchfile("nmap-rpc")
if path == nil then
return false
end
local file = io.open(path, "r")
-- Loops through RPC file line-by-line
while true do
local l = file:read()
if not l then
break
end
l = l:gsub("%s*#.*", "")
if l:len() ~= 0 then
local m = l:gsub("^([%a%d_]+)%s+(%d+).*", "%2=%1")
if m:match("=") then
local t = stdnse.strsplit("=", m)
rpc_table[tonumber(t[1])] = t[2]
end
end
end
file:close()
return true
end
-- Fills services_table{} with values read from nmap-services
local fillservices = function()
if #services_table["tcp"] ~= 0 or #services_table["udp"] ~= 0 then
return true
end
local path = nmap.fetchfile("nmap-services")
if path == nil then
return false
end
local file = io.open(path, "r")
-- Loops through Services file line-by-line
while true do
local l = file:read()
if not l then
break
end
l = l:gsub("%s*#.*", "")
if l:len() ~= 0 then
local m = l:gsub("^([%a%d_]+)%s+([%a%d/]+).*", "%2=%1")
if m:match("=") and m:match("/") then
local t = stdnse.strsplit("=", m)
local s = stdnse.strsplit("/", t[1])
if s[2] ~= "tcp" and s[2] ~= "udp" then
services_table = {tcp={}, udp={}}
return false
end
services_table[s[2]][tonumber(s[1])] = t[2]
end
end
end
file:close()
return true
end
parse_protocols = function()
if not fillprotocols() then
return false, "Error parsing nmap-protocols"
end
return true, protocols_table
end
parse_rpc = function()
if not fillrpc() then
return false, "Error parsing nmap-rpc"
end
return true, rpc_table
end
parse_services = function(protocol)
if protocol and protocol ~= "tcp" and protocol ~= "udp" then
return false, "Bad protocol for nmap-services: use tcp or udp"
end
if not fillservices() then
return false, "Error parsing nmap-services"
end
if protocol then
return true, services_table[protocol]
else
return true, services_table
end
end
Index: scripts/rpcinfo.nse
===================================================================
--- scripts/rpcinfo.nse (revision 7012)
+++ scripts/rpcinfo.nse (working copy)
@@ -8,44 +8,8 @@
require "shortport"
require "packet"
require "stdnse"
+require "datafiles"
-local rpc_numbers = {}
-
--- Fills rpc_numbers with values read from RPC file - Kris Katterjohn
-local fillrpc = function()
- local path = nmap.fetchfile("nmap-rpc")
-
- if path == nil then
- return false, "Can't read from RPC file!"
- end
-
- local file = io.open(path, "r")
-
- -- Loops through RPC file line-by-line
- while true do
- local l = file:read()
-
- if not l then
- break
- end
-
- l = l:gsub("%s*#.*", "")
-
- if l:len() ~= 0 then
- local m = l:gsub("^([%a%d_]+)%s+(%d+).*", "%2=%1")
-
- if m:match("=") then
- local t = stdnse.strsplit("=", m)
- rpc_numbers[tonumber(t[1])] = t[2]
- end
- end
- end
-
- file:close()
-
- return true
-end
-
portrule = shortport.port_or_service(111, "rpcbind")
action = function(host, port)
@@ -53,10 +17,11 @@
local transaction_id = "nmap"
local socket = nmap.new_socket()
local result = " \n"
+ local rpc_numbers
catch = function() socket:close() end
try = nmap.new_try( catch )
- try( fillrpc() )
+ rpc_numbers = try(datafiles.parse_rpc())
local request = string.char(0x80,0,0,40) -- fragment header
request = request .. transaction_id -- transaction id
id = "datafiles testing"
description = "datafiles testing"
author = "kris katterjohn"
license = "meh"
categories = {"safe"}
require 'datafiles'
hostrule = function()
return true
end
action = function(host, port)
local i, v
local pret, protos = datafiles.parse_protocols()
local rret, rpc = datafiles.parse_rpc()
local sret, services = datafiles.parse_services()
local tret, tcpservs = datafiles.parse_services("tcp")
local uret, udpservs = datafiles.parse_services("udp")
if not pret then
return "uhoh protos"
end
if not rret then
return "uhoh rpc"
end
if not sret then
return "uhoh services"
end
if not tret then
return "uhoh tcpservs"
end
if not uret then
return "uhoh udpservs"
end
for i,v in pairs(protos) do
print("protos: " .. i .. " " .. v)
end
for i,v in pairs(rpc) do
print("rpc: " .. i .. " " .. v)
end
for i,v in pairs(services["tcp"]) do
print("services[tcp]: " .. i .. " " .. v)
end
for i,v in pairs(services["udp"]) do
print("services[udp]: " .. i .. " " .. v)
end
for i,v in pairs(tcpservs) do
print("tcpservs: " .. i .. " " .. v)
end
for i,v in pairs(udpservs) do
print("udpservs: " .. i .. " " .. v)
end
end
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- New NSE Library: "datafiles" for parsing nmap-* Kris Katterjohn (Mar 27)
- Re: New NSE Library: "datafiles" for parsing nmap-* Eddie Bell (Mar 28)
- Re: New NSE Library: "datafiles" for parsing nmap-* Kris Katterjohn (Mar 28)
- Re: New NSE Library: "datafiles" for parsing nmap-* Eddie Bell (Mar 28)