Nmap Development mailing list archives

[NSE] New versionrule for version category scripts


From: Djalal Harouni <tixxdz () gmail com>
Date: Sat, 21 Aug 2010 21:20:06 +0100

Hi,

A patch is attached to introduce a new rule 'versionrule' which will be
used by version category scripts. The patch is against nmap trunk.

Patch details:
* There are scripts which belong to the version category and to other
categories; these scripts can have multiple rules (versionrule and
portrule). If the user runs nmap with the -sV option then the versionrule
will be activated, otherwise the portrule will be loaded, so the
versionrule evaluation precedes the portrule evaluation. If the
versionrule function returns true then the portrule function will not be
evaluated, the 'SCRIPT_TYPE' environment variable will be set so that
SCRIPT_TYPE == versionrule, and the script will do version detection.

* The function 'shortport.port_is_excluded()' was modified and renamed
to 'shortport.port_version_detection()'; this function must be used by
versionrule scripts to check if they are allowed to perform version
detection on the given port/protocol pair.
This function will check if the -sV option was specified and if the port
and protocol are not listed in the exclude directive of the
nmap-service-probes file; in that situation it will return true.

* Scripts that run in the version detection mode
(SCRIPT_TYPE == versionrule) must not add new targets to the Nmap scan
queue. There is a small check, but if the -sC option is used then this
check will be bypassed, so script writers must check the SCRIPT_TYPE
environment variable before adding new targets.
(Adding targets is available only for: prerule, hostrule and portrule.)


Rule examples from the drda-info.nse script:

-- categories of the script:
categories = {"safe", "discovery", "version"}

versionrule = shortport.version_port_or_service({50000,60000,9090,1526,1527},
                                                {"drda","ibm-db2"}, "tcp",
                                                {"open", "open|filtered"})
portrule = shortport.port_or_service({50000,60000,9090,1526,1527},
                                    {"drda","ibm-db2"}, "tcp",
                                    {"open", "open|filtered"})


From this example, if the user has specified the -sV option and if the
current port (50000 or 60000 or 9090 or ...) and protocol (tcp) are not
excluded, then the versionrule will evaluate to true and the portrule
function will not be evaluated, so the script will run in the version
detection mode. If the versionrule returns false, then the portrule
function will be loaded.


So if you have suggestions, let me know; after that I'll add the final
correct doc to the scripting.xml file and merge this stuff, thx.

-- 
tixxdz
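The following script is an added example, not part of the original post and not drda-info.nse or any Nmap code. It shows how a script in both the "version" and "discovery" categories would be written against the API proposed above: the versionrule/portrule pair, and an action that branches on SCRIPT_TYPE so that the version-detection path only fills in port.version while the portrule path produces a report and may add targets. It assumes the proposed shortport.version_port_or_service() exists as shown in the post and that SCRIPT_TYPE is the string "versionrule" in version mode; the service, port, script name and banner format ("PRODUCT=... VERSION=... PEER=...") are constructed for the example and are not a real protocol. The remaining calls (nmap.new_socket, socket:connect/send/receive_bytes, nmap.set_port_version, target.add, target.ALLOW_NEW_TARGETS, stdnse.strjoin, stdnse.print_debug) are existing NSE APIs.

```lua
-- versionrule-demo.nse (example only; assumes the proposed versionrule patch)
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local target = require "target"

description = [[
Example script in both the "version" and "discovery" categories. Under -sV
it runs in version detection mode and only annotates port.version; otherwise
it runs as an ordinary portrule script, prints a report and may add targets.
]]

categories = {"safe", "discovery", "version"}

-- Hypothetical service (constructed for this example): assumed to listen on
-- tcp/50000 and to answer "HELLO" with a one-line banner such as
--   "PRODUCT=ExampleDB VERSION=3.1.4 PEER=10.0.0.5"
local PORTS  = {50000}
local NAMES  = {"exampledb"}
local STATES = {"open", "open|filtered"}

-- Under -sV (and when the port/protocol is not excluded in
-- nmap-service-probes) the versionrule wins and the portrule is not
-- evaluated; without -sV only the portrule is consulted.
versionrule = shortport.version_port_or_service(PORTS, NAMES, "tcp", STATES)
portrule    = shortport.port_or_service(PORTS, NAMES, "tcp", STATES)

-- Send the probe and return the raw banner, or nil plus an error message.
local function grab_banner(host, port)
  local socket = nmap.new_socket()
  socket:set_timeout(5000)
  local status, err = socket:connect(host, port)
  if not status then return nil, err end
  status, err = socket:send("HELLO\r\n")
  if not status then socket:close(); return nil, err end
  local data
  status, data = socket:receive_bytes(1)
  socket:close()
  if not status then return nil, data end
  return data
end

-- Parse the constructed banner format; fields that are absent stay nil.
local function parse_banner(banner)
  return {
    product = banner:match("PRODUCT=(%S+)"),
    version = banner:match("VERSION=(%S+)"),
    peer    = banner:match("PEER=(%S+)"),
  }
end

action = function(host, port)
  local banner, err = grab_banner(host, port)
  if not banner then
    stdnse.print_debug(1, "%s: %s", SCRIPT_NAME, err)
    return nil
  end
  local info = parse_banner(banner)
  if not info.product then return nil end  -- not the service we expected

  if SCRIPT_TYPE == "versionrule" then
    -- Version detection mode: annotate the port the way a service probe
    -- would and return nothing. Never call target.add() on this path, even
    -- if -sC was given as well, since the post says that check is bypassed.
    port.version.name    = NAMES[1]
    port.version.product = info.product
    port.version.version = info.version
    nmap.set_port_version(host, port, "hardmatched")
    return nil
  end

  -- Discovery mode (SCRIPT_TYPE == "portrule"): build a normal report.
  local out = { ("Product: %s"):format(info.product) }
  if info.version then
    out[#out + 1] = ("Version: %s"):format(info.version)
  end

  -- Adding targets is permitted only for prerule, hostrule and portrule,
  -- and only when the user enabled it with --script-args newtargets.
  if info.peer and target.ALLOW_NEW_TARGETS then
    local ok, e = target.add(info.peer)
    out[#out + 1] = ok and ("Added target: %s"):format(info.peer)
                       or ("Could not add target %s: %s"):format(info.peer, e)
  end
  return stdnse.strjoin("\n", out)
end
```

Run as `nmap -sV --script versionrule-demo -p 50000 <host>` the script takes the versionrule path and only updates the service table; as `nmap --script versionrule-demo --script-args newtargets -p 50000 <host>` it takes the portrule path, prints the report and may queue the peer host. The SCRIPT_TYPE test inside action is what enforces the "no new targets in version mode" rule from the post, independently of whether -sC was also passed.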

Attachment: nse_versionrule.diff

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
