Nmap Development mailing list archives

Re: Version detection output - script vs normal


From: Fyodor <fyodor () insecure org>
Date: Wed, 4 Nov 2009 01:15:38 -0800

On Fri, Oct 30, 2009 at 12:23:55PM -0500, Tom Sellers wrote:


nmap -sV --version-all --script=custom-script.nse -p60000 192.168.100.111

PORT      STATE         SERVICE         VERSION
60000/tcp open          custom          MyServ Server 10.33.22 (Solaris)
|  custom-script: MyServ Version: 10.33.22
|_  Server Platform: Solaris

nmap --script=custom-script.nse -p60000 192.168.100.111

PORT      STATE         SERVICE
60000/tcp open          custom
|  custom-script: MyServ Version: 10.33.22
|_  Server Platform: Solaris

Hi Tom.  As you noticed, Nmap only includes the version information if
version detection or RPC scanning were requested ("if (o.servicescan
|| o.rpcscan)").  But you're right that there is a special case where
someone could not specify these, but run a script which populates the
version detection results.  I don't think we want to include the
"SERVICE" column in all cases that NSE was requested, as this USUALLY
doesn't happen.  We could maybe add some smarts so that Nmap detects
this case and prints the VERSION column anyway if this happens (maybe
on a target-by-target basis).  But I'm not sure this scenario is
common enough to warrant this.

So for now, I'm afraid you just have to use -sV if you want the
version information.  But you could always specify
"--version-intensity 0" to speed it up.  Or even pass a nearly empty
probes file.  Or, if you (or anyone) wants to suggest a patch to
handle this case differently, I'd be happy to look at it.

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/