Nmap Development mailing list archives
Re: [NSE] new scripts and libraries: service probes
From: David Fifield <david () bamsoftware com>
Date: Wed, 11 Aug 2010 19:13:24 -0600
On Sun, Aug 08, 2010 at 05:31:36PM +0200, Patrik Karlsson wrote:
> In addition I've added a few new probes to the nmap-service-probes. They
> detect the following:
> - Lotus Domino Console running on tcp/2050 (shows OS and hostname)
> - IBM Informix Dynamic Server running native protocol (shows hostname, and file path)
> - Database servers running the DRDA protocol
> - IBM Websphere MQ (shows name of queue-manager and channel)

Do you have the original fingerprints for these? I have committed them but some changes might be necessary. We keep all the submitted signatures in a big file, which can come in handy when we get more submissions in the future. Sometimes matches can be loosened or tightened based on observed changes in the fingerprints. I only have the latest submitted fingerprints up to August 5, so if you submitted them later, just let me know.

Here are the specific questions I have.

match dominoconsole m|^([^:]*):([^:]*):[^:]+:.*$| p/Lotus Domino Console/ o/$2/ i/Server name: $1/

What is the format of the $2 field? If it's not the same as in our other matches ("windows" lowercase, for example), then it's better to have multiple match lines to put it in the correct format. Is the $1 field the host name? If so, put it in h/$1/.

match informix m|^.{2}\x03<\x10\0\0d\0e\0\0\0=\0\x6IEEEI\0\0lsrvinfx\0\0\0\0\0\0\x05V1.0\0\0\x04SER\0\0\x08asfecho\0{19}o[ln]\0{9}=soctcp\0{5}\x01\0\x66\0{6}\xfcI..\0\0\0\x01\0\0\0.nmap@[.\d\w]+\0k\0\0\0\0\0\0..\0\0\0\0\0.(.*)\0\0.(.*)\0\0.([A-Z]\:[^/]*)\0\0t\0\x08\x01Y\0\x06\x01Y\0\0\0\x7f$| p/Informix Dynamic Server/ v/11.50/ o/Windows/ i/Hostname: $1, Path: $3/

The same thing applies here with the host name. Does the part that matches nmap@[.\d\w]+ contain any useful information?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
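
The template fields discussed in the message above (p/, o/, i/, h/ and the $N back-references), as an added example that is not part of the original message or of Nmap's code: a minimal Python evaluator that applies match lines in file order to a constructed banner. The banner and the REVISED lines are assumptions for illustration; they presume that $1 is the host name and that $2 can be a lowercase "windows", which the message only asks about.

```python
import re

# Constructed banner in the colon-separated shape the dominoconsole regex
# expects; the field values are made up, not captured from a real server.
BANNER = "dom01.example.test:windows:field3:field4"

# Match line as quoted in the message.
ORIGINAL = ["match dominoconsole m|^([^:]*):([^:]*):[^:]+:.*$| "
            "p/Lotus Domino Console/ o/$2/ i/Server name: $1/"]

# Hypothetical revision (assumes $1 is the host name and $2 may be lowercase
# "windows"): the specific line comes first, the generic one is the fallback.
REVISED = ["match dominoconsole m|^([^:]*):[Ww]indows[^:]*:[^:]+:.*$| "
           "p/Lotus Domino Console/ o/Windows/ h/$1/",
           "match dominoconsole m|^([^:]*):([^:]*):[^:]+:.*$| "
           "p/Lotus Domino Console/ o/$2/ h/$1/"]

# Template fields p/../ v/../ i/../ o/../ h/../ d/../ (only / and | delimiters handled).
FIELD = re.compile(r"(?:^|\s)([pviohd])([/|])(.*?)\2")

def parse_match(line):
    """Return (service, compiled regex, {field: template}) for one match line."""
    _, service, rest = line.split(None, 2)
    delim = rest[1]                      # character right after the leading 'm'
    end = rest.index(delim, 2)           # closing delimiter of the regex
    flags, _, template = rest[end + 1:].partition(" ")
    opts = (re.I if "i" in flags else 0) | (re.S if "s" in flags else 0)
    fields = {m.group(1): m.group(3) for m in FIELD.finditer(template)}
    return service, re.compile(rest[2:end], opts), fields

def detect(lines, banner):
    """Apply match lines in file order; the first one that matches wins."""
    for line in lines:
        service, regex, fields = parse_match(line)
        hit = regex.search(banner)
        if hit:
            # Substitute $1..$9 with the corresponding capture group.
            fill = lambda t: re.sub(r"\$(\d)", lambda g: hit.group(int(g.group(1))), t)
            return service, {k: fill(v) for k, v in fields.items()}
    return None

if __name__ == "__main__":
    print(detect(ORIGINAL, BANNER))   # OS passed through as reported, name in i/
    print(detect(REVISED, BANNER))    # OS normalised, name in the hostname field
```

With the original line the OS string is passed through exactly as the server reports it and the server name ends up in the free-text info field; with the revised pair the OS is normalised and the name lands in the hostname field.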