Nmap Development mailing list archives
Re: [NSE] nrpe-enum running on 22/tcp
From: Patrick Donnelly <batrick () batbytes com>
Date: Mon, 31 Jan 2011 13:04:05 -0500
On Mon, Jan 31, 2011 at 11:16 AM, Daniel Miller <bonsaiviking () gmail com> wrote:
> Hey all,
>
> When running nmap with --script '*', I saw that what I expected to be an
> SSH server was being detected as "nrpe" with bogus results for the script,
> similar to this:
>
> 22/tcp open nrpe Nagios Remote Plugin Executor 4.7p1 (protocol 1.99)
> | nrpe-enum:
> | Command State Response
> | check_hda1 nil penSSH_4.7p1
> |
> | check_load nil penSSH_4.7p1
> |
> | check_total_procs nil penSSH_4.7p1
> |
> | check_users nil penSSH_4.7p1
> |
> |_check_zombie_procs nil penSSH_4.7p1
>
> Obviously, this is actually an SSH server, as evidenced by the OpenSSH
> banner. nrpe-enum.nse has this portrule:
>
> portrule = function(host, port)
>   return shortport.port_or_service(5666, "nrpe")
> end

This is a bug. It should be:

portrule = shortport.port_or_service(5666, "nrpe")

See: http://nmap.org/nsedoc/lib/shortport.html#port_or_service

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
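
Why the wrapped form matches every port, as an added example that is not part of the original message or of Nmap's own code: shortport.port_or_service returns a portrule function, and a function value is truthy in Lua, so the wrapper's return value counts as a match regardless of the port. The `shortport` table below is a simplified stand-in (assumption: it checks only number and service name), and the host and port tables are constructed sample input.

```lua
-- Simplified stand-in for shortport.port_or_service (assumption: not Nmap's
-- implementation). Like the real function, it RETURNS a portrule function
-- instead of evaluating the match itself.
local shortport = {}
function shortport.port_or_service(number, service)
  return function(host, port)
    return port.number == number or port.service == service
  end
end

-- Form quoted from nrpe-enum.nse: the wrapper returns the function that
-- port_or_service built, never calling it. A function is truthy in Lua.
local buggy_portrule = function(host, port)
  return shortport.port_or_service(5666, "nrpe")
end

-- Corrected form: the returned function IS the portrule, so it gets
-- called with (host, port) and yields a real boolean.
local fixed_portrule = shortport.port_or_service(5666, "nrpe")

-- A rule matches when its return value is truthy; normalise to a boolean.
local function matches(rule, host, port)
  return not not rule(host, port)
end

-- Constructed sample targets (documentation address, made-up port tables).
local host = { ip = "192.0.2.10" }
local ports = {
  { number = 22,   service = "ssh"  },  -- the case from the report
  { number = 5666, service = "nrpe" },  -- default NRPE port
  { number = 8080, service = "nrpe" },  -- NRPE identified on another port
  { number = 80,   service = "http" },
}

for _, port in ipairs(ports) do
  print(string.format("%5d/%-5s buggy=%-5s fixed=%s",
    port.number, port.service,
    tostring(matches(buggy_portrule, host, port)),
    tostring(matches(fixed_portrule, host, port))))
end
```

The same mistake is worth checking for in any script whose portrule wraps a shortport call in `function(host, port) return ... end` without passing `(host, port)` on to the result.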
Current thread:
- [NSE] nrpe-enum running on 22/tcp Daniel Miller (Jan 31)
- Re: [NSE] nrpe-enum running on 22/tcp Patrick Donnelly (Jan 31)
- Re: [NSE] nrpe-enum running on 22/tcp David Fifield (Feb 01)
- Re: [NSE] nrpe-enum running on 22/tcp Patrick Donnelly (Jan 31)