Nmap Development mailing list archives

Re: Services matched by script--show a service fingerprint?


From: David Fifield <david () bamsoftware com>
Date: Thu, 31 Mar 2011 20:11:29 -0700

On Sun, Mar 27, 2011 at 02:39:03PM -0700, David Fifield wrote:
> Dhruval Gandhi's screenshot at http://seclists.org/nmap-dev/2011/q1/1014
> shows port 80 being matched as skype2 by the skypev2-version.nse script,
> but a service fingerprint is being shown anyway.
>
> We usually get a bunch of Skype service submissions in each batch, which
> I have to ignore because service detection can't match it (that's what
> skypev2-version.nse is for, after all). I thought that perhaps the
> script was failing for some reason, but now I see that if a service
> produces output, it can cause a fingerprint to be displayed even when a
> script later matches the service.
>
> Should it work this way? How about hiding the fingerprint (and request
> to submit it) when a service is hardmatched by NSE?

Okay, we've had some agreement that the fingerprint shouldn't be shown
in this case. I'm going to suggest that this would make a good starter
task for a feature creeper / bug wrangler in the Summer of Code. So, you
applicants, this is a nice easy problem to analyze and solve. First, you
need to find where the service fingerprint is printed, then look at the
conditions that make it be printed or not, and modify the condition so
that it is false when there is a service match from a script.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

