Nmap Development mailing list archives

Re: BackOrifice service probe


From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 7 Apr 2011 02:56:56 +0300

> I think this probe and match will make a nice addition.

I second that.

> Of course, a service version script would be a bit better.

It is not better. It is yet another good addition. It may be useful to
have the probe for lighter matching and a version script that does
something more advanced.

Gorjan, you could try experimenting with that at some point. Just
create another portrule script, but add it to category "version".
Version scripts do not return any output. They just execute, tweak
version information, and exit silently.

You can tweak version information from a script with method set_port_version.
See http://nmap.org/nsedoc/lib/nmap.html#set_port_version for details.

Script netbus-version uses the method when it finds out that a netbus
server is a honey pot called NetBuster instead of a real server. The
syntax looks like this:

        port.version.name = "netbus"
        port.version.product = "NetBuster"
        port.version.extrainfo = "honeypot"
        port.version.version = nil
        nmap.set_port_version(host, port, "hardmatched")

  cheers, --Toni
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
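
The version-script approach described in the message above, as an added example that is not part of the original post or of Nmap's own scripts. The service name "exampled", TCP port 4242, the product string and the banner format are all hypothetical; only the NSE calls (shortport.version_port_or_service, comm.get_banner, nmap.set_port_version) are real.

```lua
-- Added example: a version-category NSE script for a hypothetical service.
local comm = require "comm"
local nmap = require "nmap"
local shortport = require "shortport"

description = [[
Refines version information for a hypothetical "exampled" service by
parsing the banner it sends on connect.
]]

author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- Scripts in the "version" category run only when -sV is requested.
categories = {"version"}

-- Assumption: the hypothetical service listens on TCP 4242.
portrule = shortport.version_port_or_service(4242, "exampled", "tcp")

-- Parse a constructed banner format: "EXAMPLED/<version> (<extra>)".
-- Returns version and extra info; extra is nil when the banner has none.
local function parse_banner(banner)
  local version, extra = banner:match("^EXAMPLED/([%d%.]+)%s*%(?([^%)]*)%)?")
  return version, (extra ~= "" and extra) or nil
end

action = function(host, port)
  local status, banner = comm.get_banner(host, port, {timeout = 5000})
  if not status then
    return nil -- no banner: leave the existing version info untouched
  end

  local version, extra = parse_banner(banner)
  if not version then
    return nil -- not the service we expected: do not overwrite anything
  end

  -- Fill in the fields, then commit them to the port table.
  port.version.name = "exampled"
  port.version.product = "Example Daemon"
  port.version.version = version
  port.version.extrainfo = extra
  nmap.set_port_version(host, port, "hardmatched")

  return nil -- version scripts exit silently, with no script output
end
```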

