Nmap Development mailing list archives
Re: Any guide for Adding match rules into nmap-service-probes?
From: ryan chou <jkryanchou () gmail com>
Date: Sun, 7 Jun 2015 08:24:23 +0800
And I know the fingerprint-submit page, but I want to know how a submitted fingerprint is converted to a match rule. Is there any guide or standard for this? As far as I know, not all fingerprints that no match rule matched can be transformed into a match rule. :)

2015-06-07 8:16 GMT+08:00 ryan chou <jkryanchou () gmail com>:

> Thanks Jacek, I got it. I will resend this mail to other developers. :)
>
> 2015-06-06 23:56 GMT+08:00 Jacek Wielemborek <d33tah () gmail com>:
>
>> On 06.06.2015 at 17:14, ryan chou wrote:
>>> Hi Daniel Miller,
>>
>> Hello,
>>
>> You sent the message to Nmap developers list, so I'd assume that you
>> would accept an answer from any other developer as well. Please find
>> the answer below.
>>
>>> May I ask you some questions on the process of adding match rules into
>>> nmap-service-probes? Are there any guides or standards for it? I only
>>> found the vs-fileformat instructions in the Nmap official guide. No
>>> chapters were about the process of writing regexes for rules and adding
>>> them into nmap-service-probes. Could you introduce it for us with some
>>> samples, including the part on how to test it for improving the rules'
>>> coverage and reducing the rate of false positives? And could it be a
>>> standard or guide for more developers to participate in, to help
>>> improve Nmap?
>>
>> Generally, the best way to contribute is to report a fingerprint Nmap
>> generates to https://nmap.org/submit/ . A sample fingerprint might look
>> like this:
>>
>> nmap localhost -p 31337 -sV
>>
>> Starting Nmap 6.47SVN ( http://nmap.org ) at 2015-06-06 17:54 CEST
>> Nmap scan report for localhost (127.0.0.1)
>> Host is up (0.000045s latency).
>> Other addresses for localhost (not scanned): ::1
>> PORT      STATE SERVICE VERSION
>> 31337/tcp open  Elite?
>> 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
>> SF-Port31337-TCP:V=6.47SVN%I=7%D=6/6%Time=557317B1%P=x86_64-unknown-linux-
>> SF:gnu%r(NULL,2,"b\n");
>>
>> Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
>> Nmap done: 1 IP address (1 host up) scanned in 1.20 seconds
>>
>> The part you should submit is the following:
>>
>> SF-Port31337-TCP:V=6.47SVN%I=7%D=6/6%Time=557317B1%P=x86_64-unknown-linux-
>> SF:gnu%r(NULL,2,"b\n");
>>
>> (it might differ depending on the buffer you received)
>>
>> As for the nmap-service-probes modification, you will find documentation
>> here: https://nmap.org/book/vscan-fileformat.html
>>
>> Please let us know if there is anything else you would like to know
>> about.
>>
>> Cheers,
>> d33tah
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
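For readers of this thread, an added example (not part of any message above and not Nmap project code): a small Python parser that unwraps a submitted SF fingerprint like the one quoted in the reply and recovers the raw bytes each probe received, which is what a match-rule regex has to be written against. The helper names, the set of escapes handled and the hexadecimal reading of the length field are assumptions of this example, and `candidate_matches` uses Python's `re`, not Nmap's PCRE engine.

```python
import re

# Constructed sample: the fingerprint quoted in the message above,
# one wrapped line per string, as Nmap prints it.
SAMPLE = (
    "SF-Port31337-TCP:V=6.47SVN%I=7%D=6/6%Time=557317B1%P=x86_64-unknown-linux-\n"
    'SF:gnu%r(NULL,2,"b\\n");'
)

_ESCAPE = re.compile(rb"\\(x[0-9A-Fa-f]{2}|.)", re.S)
_NAMED = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"0": b"\x00"}
_RESPONSE = re.compile(r'%r\((\w+),([0-9A-Fa-f]+),"((?:\\.|[^"\\])*)"\)', re.S)


def unescape(data: bytes) -> bytes:
    """Undo the backslash escapes (assumed set: \\n \\r \\t \\0 \\xHH \\<punct>)."""
    def repl(m):
        tok = m.group(1)
        if len(tok) == 3:                      # \xHH
            return bytes([int(tok[1:], 16)])
        return _NAMED.get(tok, tok)            # \n, \r, ... or an escaped literal
    return _ESCAPE.sub(repl, data)


def parse_fingerprint(text: str) -> dict:
    """Return port, protocol, header fields and raw response bytes per probe."""
    port, proto = re.match(r"\s*SF-Port(\d+)-(\w+):", text).groups()
    # Strip the "SF-Port...:" / "SF:" prefix from every line and undo the wrapping.
    body = "".join(re.sub(r"^SF(-Port\d+-\w+)?:", "", ln.strip())
                   for ln in text.splitlines())
    header = body.split("%r(", 1)[0]
    fields = dict(f.split("=", 1) for f in header.split("%") if "=" in f)
    responses = {}
    for name, hexlen, data in _RESPONSE.findall(body):
        raw = unescape(data.encode("latin-1"))
        # Length read as hexadecimal (assumption; the sample's 2 is the same in decimal).
        responses[name] = {"declared_len": int(hexlen, 16), "data": raw}
    return {"port": int(port), "proto": proto, "fields": fields, "responses": responses}


def candidate_matches(fp: dict, probe: str, pattern: bytes) -> bool:
    """Try a draft regex against one captured response (Python re, not Nmap's PCRE)."""
    return re.search(pattern, fp["responses"][probe]["data"], re.S) is not None
```

Running a draft pattern over several parsed fingerprints, including ones from unrelated services, gives a quick offline check of coverage and false positives before the rule is tried in nmap-service-probes itself.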