Nmap Development mailing list archives
Re: [NSE] nrpe-enum running on 22/tcp
From: David Fifield <david () bamsoftware com>
Date: Tue, 1 Feb 2011 13:27:06 -0800
On Mon, Jan 31, 2011 at 01:04:05PM -0500, Patrick Donnelly wrote:
On Mon, Jan 31, 2011 at 11:16 AM, Daniel Miller <bonsaiviking () gmail com> wrote:Hey all, When running nmap with --script '*', I saw that what I expected to be an SSH server was being detected as "nrpe" with bogus results for the script, similar to this: 22/tcp open nrpe Nagios Remote Plugin Executor 4.7p1 (protocol 1.99) | nrpe-enum: | Command State Response | check_hda1 nil penSSH_4.7p1 | | check_load nil penSSH_4.7p1 | | check_total_procs nil penSSH_4.7p1 | | check_users nil penSSH_4.7p1 | |_check_zombie_procs nil penSSH_4.7p1 Obviously, this is actually an SSH server, as evidenced by the OpenSSH banner. nrpe-enum.nse has this portrule: portrule = function(host, port) return shortport.port_or_service(5666, "nrpe") endThis is a bug. It should be: portrule = shortport.port_or_service(5666, "nrpe")
Good eye. I just fixed it. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] nrpe-enum running on 22/tcp Daniel Miller (Jan 31)
- Re: [NSE] nrpe-enum running on 22/tcp Patrick Donnelly (Jan 31)
- Re: [NSE] nrpe-enum running on 22/tcp David Fifield (Feb 01)
- Re: [NSE] nrpe-enum running on 22/tcp Patrick Donnelly (Jan 31)