Nmap Development mailing list archives
[NSE] New versionrule for version category scripts
From: Djalal Harouni <tixxdz () gmail com>
Date: Sat, 21 Aug 2010 21:20:06 +0100
Hi,

A patch is attached to introduce a new rule 'versionrule' which will be used by version category scripts. The patch is against nmap trunk.

Patch details:

* There are scripts which belong to the version category and to other categories; these scripts can have multiple rules (versionrule and portrule). If the user runs nmap with the -sV option then the versionrule will be activated, otherwise the portrule will be loaded, so the versionrule evaluation precedes the portrule evaluation. If the versionrule function returns true then the portrule function will not be evaluated, the 'SCRIPT_TYPE' environment variable will be SCRIPT_TYPE == versionrule and the script will do version detection.

* The function 'shortport.port_is_excluded()' was modified and renamed to 'shortport.port_version_detection()'; this function must be used by versionrule scripts to check if they are allowed to perform version detection on the given port/protocol pair. This function will check if the -sV option was specified and if the port and protocol are not listed in the exclude directive of the nmap-service-probes file; in this situation it will return true.

* Scripts that run in the version detection mode 'SCRIPT_TYPE == versionrule' must not add new targets to the Nmap scan queue. There is a small check, but if the -sC option is used then this check will be bypassed, so script writers must check the SCRIPT_TYPE environment variable before adding new targets. (Adding targets is available only for: prerule, hostrule and portrule.)

Rule examples from the drda-info.nse script:

  -- categories of the script:
  categories = {"safe", "discovery", "version"}

  versionrule = shortport.version_port_or_service({50000,60000,9090,1526,1527},
                    {"drda","ibm-db2"}, "tcp", {"open", "open|filtered"})
  portrule = shortport.port_or_service({50000,60000,9090,1526,1527},
                    {"drda","ibm-db2"}, "tcp", {"open", "open|filtered"})

From this example, if the user has specified the -sV option and if the current port (50000 or 60000 or 9090 or ...) and protocol (tcp) are not excluded, then the versionrule will evaluate to true and the portrule function will not be evaluated, so the script will run in the version detection mode. If the versionrule returns false, then the portrule function will be loaded.

So if you have suggestions let me know, after that I'll add the final correct doc to the scripting.xml file and merge this stuff, thx.

-- tixxdz
Attachment:
nse_versionrule.diff
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
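The rule selection described in the message above, as an added stand-alone Lua model. It is not part of the original message, the attached patch, or Nmap's code. Every function name is a hypothetical stand-in, and the excluded port and the test cases are constructed values.

```lua
-- Added illustration; every name below is hypothetical, not Nmap's API.
-- Constructed stand-in for the Exclude directive of nmap-service-probes.
local excluded = { tcp = { [1527] = true } }

-- Models the check the mail assigns to shortport.port_version_detection():
-- true only when -sV was given and the port/protocol pair is not excluded.
local function port_version_detection(opts, port)
  if not opts.sV then return false end
  local by_proto = excluded[port.protocol]
  return not (by_proto and by_proto[port.number])
end

-- Builds a rule that matches a list of port numbers on one protocol.
-- With version_only set it also requires port_version_detection().
local function make_rule(numbers, proto, version_only)
  local wanted = {}
  for _, n in ipairs(numbers) do wanted[n] = true end
  return function(opts, port)
    if port.protocol ~= proto or not wanted[port.number] then return false end
    return not version_only or port_version_detection(opts, port)
  end
end

-- Evaluation order from the mail: versionrule first, portrule only if the
-- versionrule returned false. Returns the resulting script type or nil.
local function select_rule(script, opts, port)
  if script.versionrule(opts, port) then return "versionrule" end
  if script.portrule(opts, port) then return "portrule" end
  return nil
end

-- Guard the mail asks script writers to apply before adding scan targets.
local function may_add_targets(script_type)
  return script_type == "prerule" or script_type == "hostrule"
      or script_type == "portrule"
end

local numbers = {50000, 60000, 9090, 1526, 1527}
local script = {
  versionrule = make_rule(numbers, "tcp", true),
  portrule = make_rule(numbers, "tcp", false),
}
local cases = {  -- constructed inputs
  { opts = { sV = true },  port = { number = 50000, protocol = "tcp" } },
  { opts = { sV = false }, port = { number = 50000, protocol = "tcp" } },
  { opts = { sV = true },  port = { number = 1527,  protocol = "tcp" } },
}
for _, c in ipairs(cases) do
  local mode = select_rule(script, c.opts, c.port)
  print(c.port.number, tostring(c.opts.sV), mode, may_add_targets(mode))
end
```

The third case shows the fallback: with -sV set but the port excluded, the versionrule returns false and the script runs under its portrule instead.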