Nmap Development mailing list archives
Re: [PATCH] Allow NSE script to set service info without -sV
From: David Fifield <david () bamsoftware com>
Date: Mon, 21 Dec 2009 12:27:26 -0700
On Sat, Dec 19, 2009 at 11:27:45AM -0600, Tom Sellers wrote:
I have attached a patch that changes nmap behavior so that NSE scripts can modify a service's product, version, extrainfo, ostype and devicetype even if nmap was called without version detection (-sV). As far as I can tell nmap will not let you set these values unless version detection is requested.

I often want to run very targeted scans against a service using a script, output that data to XML and then use ruby code to parse and report on the findings. If this change is implemented I can cut down on the network overhead and potential impact on my targets.

In nse_nmaplib.cc starting at line 551 the code logic says that if a service scan is requested, set all the service values (product, version, etc); if not, just set the probe state, name and tunnel values. The change I made basically detects if any of the normally unset values have been populated and, if so, sets the o.servicescan value to true. I had tried just writing the values out without touching the o.servicescan variable but this tripped an assert in NmapOutputTable.cc because there were not enough columns allocated in the service table output.

Ultimately the change I settled on consists of adding the following two lines to nse_nmaplib.cc:

    if ( product || version || extrainfo || hostname || ostype || devicetype )
        o.servicescan = true;
I'd like you to try solving this a different way. In the printportoutput function in output.cc, it allocates an extra column in the output table if o.servicescan is true. You could change this to do a quick pass over the port table (encapsulated in a function) to check if any ports have version results. That function would also always return true if o.servicescan is set. With the new Port structure after the recent memory reduction work, all you have to do is check that Port::service is non-NULL.

I don't think there's a good reason for l_set_port_version to refuse to store all the service information if o.servicescan is not set. You should take that out if it doesn't cause problems.

The reason I don't like changing o.servicescan is that it might have side effects. In fact, won't that cause a real service scan to be run for following host groups?

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
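The column-allocation check David proposes, written out as an added C++ example. This is not Nmap's code and not part of either message: it models Port::service as a pointer that is non-NULL only when version results were stored and o.servicescan as the -sV flag (both names are from the thread), while every other name (needsVersionColumn, OutputTable, printPorts, scriptOnlyScenario) and the sample port data are assumptions constructed for the example. It contrasts the current behaviour, where the extra VERSION column is allocated only when o.servicescan is set and a script-supplied version result therefore overflows the table (the assert Tom hit), with a pass over the port table that allocates the column whenever any port carries version results, without ever touching o.servicescan.

```cpp
// Added example, not Nmap's code: models the column-allocation decision David
// proposes for printportoutput(). Port::service, o.servicescan and
// printportoutput are from the thread; every other name here is an assumption.
#include <cstddef>
#include <string>
#include <vector>

struct ServiceInfo {
  std::string product, version;
};

// Simplified stand-in for Nmap's Port: service is non-NULL only when version
// results were stored (by -sV or, after the patch, by an NSE script).
struct Port {
  unsigned short portno;
  std::string name;          // service name from nmap-services, e.g. "http"
  ServiceInfo *service;
};

struct Target {
  std::vector<Port> ports;
};

struct Options {
  bool servicescan = false;  // stand-in for o.servicescan (-sV requested)
};

// The pass David describes: true if -sV was requested, or if any port already
// carries version results. o.servicescan is left untouched, so later host
// groups are not upgraded to a real service scan.
bool needsVersionColumn(const Options &o, const Target &t) {
  if (o.servicescan) return true;
  for (const Port &p : t.ports)
    if (p.service != nullptr) return true;
  return false;
}

// Stand-in for NmapOutputTable with a fixed column count. The real table
// asserts when a row has more cells than were allocated; here the overflow
// is reported as a return value so it can be checked.
class OutputTable {
 public:
  explicit OutputTable(std::size_t cols) : cols_(cols) {}
  bool addRow(const std::vector<std::string> &cells) {
    if (cells.size() > cols_) return false;  // would trip the assert
    rows_.push_back(cells);
    return true;
  }
  std::size_t columns() const { return cols_; }
 private:
  std::size_t cols_;
  std::vector<std::vector<std::string>> rows_;
};

// Row layout: PORT STATE SERVICE [VERSION]
std::vector<std::string> rowFor(const Port &p) {
  std::vector<std::string> cells = {std::to_string(p.portno) + "/tcp", "open", p.name};
  if (p.service) cells.push_back(p.service->product + " " + p.service->version);
  return cells;
}

struct PrintResult {
  std::size_t columns;  // columns allocated for the table
  bool allRowsFit;      // false means the real code would have asserted
};

// decideByPass=false reproduces the current behaviour (extra column only when
// o.servicescan is set); true applies the proposed pass over the port table.
PrintResult printPorts(const Options &o, const Target &t, bool decideByPass) {
  bool versionColumn = decideByPass ? needsVersionColumn(o, t) : o.servicescan;
  OutputTable table(versionColumn ? 4 : 3);
  bool ok = true;
  for (const Port &p : t.ports) ok = table.addRow(rowFor(p)) && ok;
  return {table.columns(), ok};
}

// Tom's scenario with constructed sample data: no -sV, but a script stored
// version info on port 80 while port 22 has none.
PrintResult scriptOnlyScenario(bool decideByPass) {
  static ServiceInfo apache = {"Apache httpd", "2.2.14"};
  Target t;
  t.ports.push_back({22, "ssh", nullptr});
  t.ports.push_back({80, "http", &apache});
  Options o;  // servicescan stays false
  return printPorts(o, t, decideByPass);
}

int main() {
  PrintResult before = scriptOnlyScenario(false);  // 3 columns, row overflows
  PrintResult after = scriptOnlyScenario(true);    // 4 columns, all rows fit
  return (before.allRowsFit || !after.allRowsFit) ? 1 : 0;
}
```

The point of keeping the decision local to output is the one David raises: a global flag read by the scan engine is the wrong place to record a per-port fact, and flipping it from a script would change what the following host groups are scanned for.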
Current thread:
- [PATCH] Allow NSE script to set service info without -sV Tom Sellers (Dec 19)
- Re: [PATCH] Allow NSE script to set service info without -sV David Fifield (Dec 21)