Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: http-php-version output

From: David Fifield <david () bamsoftware com>
Date: Thu, 25 Nov 2010 08:13:50 -0800
On Thu, Nov 25, 2010 at 03:08:33PM -0000, Rob Nicholls wrote:

I'm slowly working my way through every version of PHP 5 on Windows (just
the 5.3.x variants left now!) to generate some new hashes for the script.
This has led to quite a few "duplicate" values because we're also listing OS
specific variants such as "5.2.4-2ubuntu5.10" and "5.2.12-0dotdeb.1" when
there's already an existing value of "5.2.4" and "5.2.9 - 5.2.14" against
exactly the same respective hashes.

Would it be okay to ditch the OS variant? Would people be happy knowing that
it matches a particular version of PHP rather than
5.2.4.%everyLinuxVariantSomeoneSpots%?

For example, I'd change:

["6a1c211f27330f1ab602c7c574f3a279"] = {"5.2.0", "5.2.0-8-etch13 -
5.2.0-8-etch16"},
to
["6a1c211f27330f1ab602c7c574f3a279"] = {"5.2.0"},

I don't think we've lost anything by removing it. We certainly don't gain
anything, except perhaps confusion (especially when testing a Windows host),
by having the Debian variant listed.


Yes, let's remove the OS variants. This is the same process that happens
with OS detection. The first classification for a new fingerprint is
very specific (usually too specific) and it is broadened as new examples
come in.


Also, would people find it more useful having:

{"5.2.9 - 5.2.14"}
Or
{"5.2.9", "5.2.10", "5.2.11", "5.2.12", "5.2.13", "5.2.14"}

I think that's the worst case example if they're expanded.

I don't particularly like the idea of 5.2.x as it feels vague (I know that
more specific, typically lower, versions are detected due to their different
hashes). Grouping them together works, but the script inconsistently uses
dashes and "to" - I propose replacing them all with dashes if we go this
route, which is more consistent with Nmap's OS detection, e.g. "Linux 2.6.13
- 2.6.31".


I prefer the first example, with dashes. This is also the convention
used in OS detection.

This reminds me of what Patrik Karlsson did to enumerate PostgreSQL
versions. Perhaps these could be done automatically? What I'm thinking
is to do an "svn log" on the logo and credits files, find out where they
change, and then hash those revisions. (And then find out what release
versions correspond to those revisions.)

http://seclists.org/nmap-dev/2010/q1/455
http://www.php.net/svn.php

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: