Nmap Development mailing list archives
Re: http-php-version output
From: David Fifield <david () bamsoftware com>
Date: Thu, 25 Nov 2010 08:13:50 -0800
On Thu, Nov 25, 2010 at 03:08:33PM -0000, Rob Nicholls wrote:
I'm slowly working my way through every version of PHP 5 on Windows (just the 5.3.x variants left now!) to generate some new hashes for the script. This has led to quite a few "duplicate" values because we're also listing OS specific variants such as "5.2.4-2ubuntu5.10" and "5.2.12-0dotdeb.1" when there's already an existing value of "5.2.4" and "5.2.9 - 5.2.14" against exactly the same respective hashes. Would it be okay to ditch the OS variant? Would people be happy knowing that it matches a particular version of PHP rather than 5.2.4.%everyLinuxVariantSomeoneSpots%? For example, I'd change: ["6a1c211f27330f1ab602c7c574f3a279"] = {"5.2.0", "5.2.0-8-etch13 - 5.2.0-8-etch16"}, to ["6a1c211f27330f1ab602c7c574f3a279"] = {"5.2.0"}, I don't think we've lost anything by removing it. We certainly don't gain anything, except perhaps confusion (especially when testing a Windows host), by having the Debian variant listed.
Yes, let's remove the OS variants. This is the same process that happens with OS detection. The first classification for a new fingerprint is very specific (usually too specific) and it is broadened as new examples come in.
Also, would people find it more useful having: {"5.2.9 - 5.2.14"} Or {"5.2.9", "5.2.10", "5.2.11", "5.2.12", "5.2.13", "5.2.14"} I think that's the worst case example if they're expanded. I don't particularly like the idea of 5.2.x as it feels vague (I know that more specific, typically lower, versions are detected due to their different hashes). Grouping them together works, but the script inconsistently uses dashes and "to" - I propose replacing them all with dashes if we go this route, which is more consistent with Nmap's OS detection, e.g. "Linux 2.6.13 - 2.6.31".
I prefer the first example, with dashes. This is also the convention used in OS detection. This reminds me of what Patrik Karlsson did to enumerate PostgreSQL versions. Perhaps these could be done automatically? What I'm thinking is to do an "svn log" on the logo and credits files, find out where they change, and then hash those revisions. (And then find out what release versions correspond to those revisions.) http://seclists.org/nmap-dev/2010/q1/455 http://www.php.net/svn.php David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- http-php-version output Rob Nicholls (Nov 26)
- Re: http-php-version output Gutek (Nov 26)
- RE: http-php-version output Rob Nicholls (Nov 26)
- Re: http-php-version output David Fifield (Nov 27)
- RE: http-php-version output Rob Nicholls (Nov 26)
- Re: http-php-version output David Fifield (Nov 26)
- Re: http-php-version output Gutek (Nov 26)