Nmap Development mailing list archives
[RFC][NSE] Modify shortport.ssl and shortport.http to avoid tcpwrapped services
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 14 Sep 2012 16:28:55 -0500
List,Recently, I did a scan that resulted in lots of tcpwrapped services (I think it was a firewall/router/tarpit), resulting in several SSL-related scripts running for a long time before timing out. Checking into the shortport.ssl function, I thought that it could be extended to check for tcpwrapped services (while still matching ssl-tunnelled services that get detected as tcpwrapped).
I also added the functionality to shortport.http, and made it match if Version detection labels a service http. Here's the patch:
diff --git a/nselib/shortport.lua b/nselib/shortport.lua index 9d18bdc..e41e881 100644 --- a/nselib/shortport.lua +++ b/nselib/shortport.lua @@ -176,7 +176,11 @@ LIKELY_HTTP_SERVICES = { -- @usage -- portrule = shortport.http -http = port_or_service(LIKELY_HTTP_PORTS, LIKELY_HTTP_SERVICES) +http = function (host, port) + return port.version.name == "http" or + ( port.version.name ~= "tcpwrapped" and + port_or_service(LIKELY_HTTP_PORTS, LIKELY_HTTP_SERVICES)(host, port)) +end local LIKELY_SSL_PORTS = {443, 465, 587, 636, 989, 990, 992, 993, 994, 995, 5061, 6679, 6697, 8443,
@@ -198,7 +202,8 @@ local LIKELY_SSL_SERVICES = { -- portrule = shortport.ssl function ssl(host, port) return port.version.service_tunnel == "ssl" or- port_or_service(LIKELY_SSL_PORTS, LIKELY_SSL_SERVICES, {"tcp", "sctp"})(host, port)
+ ( port.version.name ~= "tcpwrapped" and+ port_or_service(LIKELY_SSL_PORTS, LIKELY_SSL_SERVICES, {"tcp", "sctp"})(host, port))
end return _ENV;Please let me know if anyone sees any issue with this. Since it affects lots of things, I won't commit until I get some feedback.
Dan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [RFC][NSE] Modify shortport.ssl and shortport.http to avoid tcpwrapped services Daniel Miller (Sep 14)
- Re: [RFC][NSE] Modify shortport.ssl and shortport.http to avoid tcpwrapped services David Fifield (Sep 14)
- Re: [RFC][NSE] Modify shortport.ssl and shortport.http to avoid tcpwrapped services Daniel Miller (Sep 14)
- Re: [RFC][NSE] Modify shortport.ssl and shortport.http to avoid tcpwrapped services Daniel Miller (Sep 17)
- Re: [RFC][NSE] Modify shortport.ssl and shortport.http to avoid tcpwrapped services David Fifield (Sep 14)