Nmap Development mailing list archives
Re: Quake 3 query script submission
From: Mak Kolybabi <mak () kolybabi com>
Date: Mon, 25 Jan 2010 09:02:21 -0600
On 2010-01-25 06:25, Brandon Enright wrote:
First, you changed the generic Quake 3 match to a softmatch. Is the idea here that we can get fingerprints for more specific matches?
Yes. The fact that it tells you the OS and CPU as part of the version is kind of nice, too.
If you could do something like m|^\xff+\\gamename\\Nexuiz| the match would be much, much faster. What sort of content are you matching against here? If the best that can be added is .* then there is no point.
The response should be marker (\xff\xff\xff\xff), then type (getstatusResponse), then newline, then a game-specific number of key-value pairs (\key1\value1 ... \key2\value2). Anchors are possible, and something like the following should work: m|^\xff\xff\xff\xffgetstatusResponse\n.*\\gamename\\Nexuiz.*| I'll add in the anchors and retest. -- Matthew Anthony Kolybabi (Mak) <mak () kolybabi com> () ASCII Ribbon Campaign | Against HTML e-mail /\ www.asciiribbon.org | Against proprietary extensions _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Quake 3 query script submission Mak Kolybabi (Jan 16)
- Re: Quake 3 query script submission Fyodor (Jan 17)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 18)
- Re: Quake 3 query script submission David Fifield (Jan 18)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 18)
- Re: Quake 3 query script submission David Fifield (Jan 18)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 24)
- Re: Quake 3 query script submission Brandon Enright (Jan 24)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 25)
- Re: Quake 3 query script submission David Fifield (Jan 26)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 29)
- Re: Quake 3 query script submission David Fifield (Jan 29)
- Re: Quake 3 query script submission Mak Kolybabi (Jan 18)
- Re: Quake 3 query script submission Fyodor (Jan 17)