Nmap Development mailing list archives
Re: [BUG] Exclusions directive not honored by NSE version detection
From: David Fifield <david () bamsoftware com>
Date: Mon, 17 May 2010 20:35:04 -0600
On Fri, Apr 30, 2010 at 05:16:59PM -0500, Tom Sellers wrote:
> I have recently come across a bug involving port exclusions when performing version detection. I plan to work on finding a fix for the issue this weekend, but I thought I would go ahead and send the info to the list now in the event that my work was delayed or someone had an idea of exactly where the issue lay.
>
> Recent scanning shows that the Exclude directive in the nmap-service-probes file is being ignored by NSE version detection if more than one port is scanned on a host. The nmap built in version detection skips the port, but NSE runs version detection scripts against the port anyway.
>
> Testing indicates:
>
> 1. Scanning 1 port in exclude list = proper behavior
> 2. Scanning 2 ports in the exclude list = proper behavior
> 3. Scanning 1 or more excluded ports and 1 or more non-excluded ports = NSE service scan against excluded ports

Are you sure about these conditions? It seems to me that NSE doesn't honor the excluded ports in any case. I made a version script that runs for every port,

    description = ""
    categories = {"version"}
    portrule = function(host, port)
      return true
    end
    action = function(host, port)
      port.version.name = "version-run"
      port.version.product = "version script run"
      nmap.set_port_version(host, port, "hardmatched")
    end

It looks like it runs no matter what.

    $ ./nmap --datadir . -sV localhost -Pn -n -p 9100
    PORT     STATE SERVICE     VERSION
    9100/tcp open  version-run version script run

    $ ./nmap --datadir . -sV localhost -Pn -n -p 9100,9101
    PORT     STATE SERVICE     REASON  VERSION
    9100/tcp open  version-run syn-ack version script run
    9101/tcp open  version-run syn-ack version script run

    $ ./nmap --datadir . -sV localhost -Pn -n -p 80,9100
    PORT     STATE SERVICE     VERSION
    80/tcp   open  version-run version script run
    9100/tcp open  version-run version script run

(This is with Ncat listeners on the scanned ports.)

I guess it makes sense for version-category NSE scripts to use the same exclusions as normal version detection, but I don't know that it has come up before.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
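
A way to check scan results for the behaviour discussed in this message, as an added example that is not part of the original post or of Nmap itself: it parses the Exclude directive from nmap-service-probes text and flags excluded ports that still carry version information in Nmap's normal output. Assumptions: the function names are hypothetical, the probes fragment is constructed, the port list follows -p style syntax (a T: or U: prefix applies until the next prefix, unprefixed ports apply to both protocols), and the scan was run without a REASON column.

```python
import re

def parse_exclude(probes_text):
    """Return {'tcp': set, 'udp': set} of ports named by the Exclude directive."""
    excluded = {"tcp": set(), "udp": set()}
    for line in probes_text.splitlines():
        if not line.startswith("Exclude "):
            continue
        protos = ("tcp", "udp")  # assumed: unprefixed ports cover both protocols
        for item in line[len("Exclude "):].split(","):
            item = item.strip()
            if item[:2] in ("T:", "U:"):
                protos = ("tcp",) if item[0] == "T" else ("udp",)
                item = item[2:]
            if not item:
                continue
            lo, _, hi = item.partition("-")  # "9100" or "9100-9107"
            for proto in protos:
                excluded[proto].update(range(int(lo), int(hi or lo) + 1))
        break  # the directive is only expected once per file
    return excluded

# Matches port rows of normal output without a REASON column (assumption).
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)(?:\s+(.*))?$")

def versioned_despite_exclude(nmap_output, excluded):
    """Return [(port, proto, service)] for excluded ports with a VERSION value."""
    hits = []
    for line in nmap_output.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and int(m.group(1)) in excluded[m.group(2)] and m.group(4):
            hits.append((int(m.group(1)), m.group(2), m.group(3)))
    return hits

# Constructed probes-file fragment; not taken from the message.
SAMPLE_PROBES = "# constructed fragment\nExclude T:9100-9107\nProbe TCP NULL q||\n"

# Third scan from the message above (ports 80 and 9100).
SAMPLE_SCAN = """PORT     STATE SERVICE     VERSION
80/tcp   open  version-run version script run
9100/tcp open  version-run version script run"""

if __name__ == "__main__":
    for port, proto, service in versioned_despite_exclude(
            SAMPLE_SCAN, parse_exclude(SAMPLE_PROBES)):
        print(f"{port}/{proto} is excluded but was versioned as {service!r}")
```
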