Nmap Development mailing list archives

[RFC][NSE] Modify shortport.ssl and shortport.http to avoid tcpwrapped services


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 14 Sep 2012 16:28:55 -0500

List,

Recently, I did a scan that resulted in lots of tcpwrapped services (I think it was a firewall/router/tarpit), resulting in several SSL-related scripts running for a long time before timing out. Checking into the shortport.ssl function, I thought that it could be extended to check for tcpwrapped services (while still matching ssl-tunnelled services that get detected as tcpwrapped).

I also added the functionality to shortport.http, and made it match if Version detection labels a service http. Here's the patch:

diff --git a/nselib/shortport.lua b/nselib/shortport.lua
index 9d18bdc..e41e881 100644
--- a/nselib/shortport.lua
+++ b/nselib/shortport.lua
@@ -176,7 +176,11 @@ LIKELY_HTTP_SERVICES = {
 -- @usage
 -- portrule = shortport.http

-http = port_or_service(LIKELY_HTTP_PORTS, LIKELY_HTTP_SERVICES)
+http = function (host, port)
+  return port.version.name == "http" or
+      ( port.version.name ~= "tcpwrapped" and
+      port_or_service(LIKELY_HTTP_PORTS, LIKELY_HTTP_SERVICES)(host, port))
+end

 local LIKELY_SSL_PORTS = {
443, 465, 587, 636, 989, 990, 992, 993, 994, 995, 5061, 6679, 6697, 8443,
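Review bot: the new short-circuit `port.version.name == "http"` bypasses the port-state and protocol checks that `port_or_service` performs, so `shortport.http` now returns true for any port version detection labels "http" regardless of those checks; if that is intended, the doc comment above (`-- @usage` / `-- portrule = shortport.http`) should say so, and also state that ports labelled "tcpwrapped" are now excluded even when they are in `LIKELY_HTTP_PORTS`. Note that without version detection `port.version.name` is never "tcpwrapped", so the `~= "tcpwrapped"` test only changes behaviour for `-sV` scans; the comparison is also safe when the field is nil (`nil ~= "tcpwrapped"` is true, `nil == "http"` is false). Minor style point: the continuation lines use a different indent from the rest of the file.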
@@ -198,7 +202,8 @@ local LIKELY_SSL_SERVICES = {
 -- portrule = shortport.ssl
 function ssl(host, port)
     return port.version.service_tunnel == "ssl" or
- port_or_service(LIKELY_SSL_PORTS, LIKELY_SSL_SERVICES, {"tcp", "sctp"})(host, port)
+        ( port.version.name ~= "tcpwrapped" and
+ port_or_service(LIKELY_SSL_PORTS, LIKELY_SSL_SERVICES, {"tcp", "sctp"})(host, port))
 end

 return _ENV;
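Review bot: the ordering here preserves the intended exception, since `port.version.service_tunnel == "ssl"` is tested before the "tcpwrapped" exclusion, so an SSL-tunnelled service that version detection still reports as tcpwrapped keeps matching; the trade-off is that a real SSL service on a `LIKELY_SSL_PORTS` port that the probes could not complete (and so got labelled tcpwrapped) will no longer be scanned by scripts using `shortport.ssl`. That is the behaviour the post asks for, but it should be documented in the comment above `function ssl(host, port)` so script authors know the rule depends on the version-detection label and not only on the port list. Same indentation remark as for the `http` hunk.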

Please let me know if anyone sees any issue with this. Since it affects lots of things, I won't commit until I get some feedback.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/