Nmap Development mailing list archives

Re: [Enhancement] Microsoft Version Table


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 15 Jun 2015 07:39:56 -0500

Gyani,

Now that you've had a bit more experience with NSE and with adding
libraries, I'd like to see if you can convert this into a library for
general-purpose canonicalization of OS version strings and generation of
CPE info. You can see examples of this kind of parsing and canonicalization
in smb-os-discovery (I added a couple in r34637, for instance) and in the
cpeify-os.py script in the nmap-private-dev repository (I can give you more
info on this privately).

I'm imagining an interface like this:

--- Returns canonicalized OS version string and CPE(s)
-- @param version_string A string containing OS version information, e.g.
--   "Windows Version 6.1 (Build 7601: Service Pack 1)" or "blah blah Linux
--   3.14.2"
-- @param hints A table with known version information to help with parsing
--   the version_string
-- @return A canonicalized OS version string, e.g. "Windows 7 SP1" or
--   "Linux 3.14"
-- @return An OS CPE string for the OS version (Maybe there could be more
--   than one?)

--- Hints table
--
-- The fields are the same as the fields in the Class line of nmap-os-db
-- @field vendor OS vendor, e.g. "Microsoft" or "Linux"
-- @field family OS family, e.g. "Windows" or "Linux"
-- @field generation OS generation, e.g. "7" or "3.X"

I would expect this could be used to extract OS info from service banners.
Maybe we could even fill in any missing info in the hints table? It should
be easy for the script to determine if the parsing failed somehow. Scripts
could even use this to set port.version.ostype and port.version.cpe with
nmap.set_port_version().

Since you mentioned that the Windows build number is not always available,
I'd suggest a hierarchical structure for the lookup table, so that a more
general name can be returned if the build number is not present. Be sure to
name your source of information so that we can keep the table up-to-date.

Since the parsing code could easily get very large and complicated, start
by targeting the small range of strings that smb-os-discovery already
handles, then convert that script to use the new library. We can add more
capability as we have a need.

Dan

On Mon, Feb 2, 2015 at 11:21 AM, Gyanendra Mishra <anomaly.the () gmail com>
wrote:

Hi List,

I have added a zip file that contains:

   - microsoft-version-table.lua, a library file that contains a table of
   Windows names with their minor and major versions, type and build numbers.
   It has two helper functions, get_windows_name() and already_processed(). The
   former function tells the long name depending on the information supplied
   to it. The other function is used to check if a given server has already
   been processed.
   - A modified smb-mbenum.nse file that now uses another argument,
   smb-mbenum.name: if set to 1, it shows the Windows name of a
   particular system on the network only once. It shows the name for each
   entry by default. It uses the get_windows_name and the already_processed
   functions.
   - Two output files, one containing the output when name is set to one
   and the other containing the default output.

I am not able to grab build numbers or the server type, which would
help in differentiating between two Windows versions using the same major
and minor versions. David has suggested that I look into other easier
scripts that may need the function, and I will. ndmp-version seems to be one
such script.

Gyanendra

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
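The interface Dan sketches above, written out as an added example that is not Nmap's code and not from this thread: a small Lua module with a hierarchical "major.minor" lookup that falls back to a general name when the build number is missing, a hints table whose generation field (as in the nmap-os-db Class line) selects the server or workstation product, and nil returns so a calling script can tell that parsing failed. The table contents, the function names (canonicalize, make_cpe, parse_windows, parse_linux) and the hints handling are assumptions of this example; the version/build numbers come from public Microsoft release numbering.

```lua
-- osversion.lua: added example of the interface Dan sketches above.
-- This is not Nmap's library; the table below is illustrative and partial,
-- and a real one should cite its source so it can be kept current.
local M = {}

-- Hierarchical lookup: "major.minor" -> candidate products (workstation
-- first, server second) plus a build -> service-pack map. Constructed
-- from public Microsoft release numbering; only a few entries are filled.
local windows = {
  ["6.0"] = {
    { generation = "Vista",   name = "Windows Vista",          product = "windows_vista" },
    { generation = "2008",    name = "Windows Server 2008",    product = "windows_server_2008" },
    builds = { [6000] = 0, [6001] = 1, [6002] = 2 },
  },
  ["6.1"] = {
    { generation = "7",       name = "Windows 7",              product = "windows_7" },
    { generation = "2008 R2", name = "Windows Server 2008 R2", product = "windows_server_2008", version = "r2" },
    builds = { [7600] = 0, [7601] = 1 },
  },
  ["6.2"] = {
    { generation = "8",       name = "Windows 8",              product = "windows_8" },
    { generation = "2012",    name = "Windows Server 2012",    product = "windows_server_2012" },
    builds = { [9200] = 0 },
  },
}

-- Assemble a CPE 2.2 URI (cpe:/o:vendor:product:version:update),
-- dropping empty trailing components so "windows_7" gets no stray colons.
local function make_cpe(vendor, product, version, update)
  local parts = { "cpe:/o:" .. vendor .. ":" .. product, version or "", update or "" }
  while #parts > 1 and parts[#parts] == "" do table.remove(parts) end
  return table.concat(parts, ":")
end

local function parse_windows(s, hints)
  local major, minor = s:match("(%d+)%.(%d+)")
  local entry = major and windows[major .. "." .. minor]
  if not entry then return nil end  -- unknown or absent major.minor
  local build = tonumber(s:match("[Bb]uild (%d+)"))
  local sp = tonumber(s:match("Service Pack (%d+)"))
  -- Hierarchical fallback: a known build number supplies the service-pack
  -- level when the string does not state it; with neither, the general
  -- name for major.minor is returned rather than failing.
  if not sp and build and entry.builds then sp = entry.builds[build] end
  -- The generation hint selects the server product; without it, the
  -- workstation product (first candidate) is assumed.
  local product = entry[1]
  for _, cand in ipairs(entry) do
    if hints.generation == cand.generation then product = cand end
  end
  local name = product.name
  if sp and sp > 0 then name = name .. " SP" .. sp end
  local update = (sp and sp > 0) and ("sp" .. sp) or nil
  return name, make_cpe("microsoft", product.product, product.version, update)
end

local function parse_linux(s)
  local major, minor = s:match("Linux%s+(%d+)%.(%d+)")
  if not major then return nil end
  local short = major .. "." .. minor   -- e.g. "3.14.2" -> "3.14"
  return "Linux " .. short, make_cpe("linux", "linux_kernel", short)
end

--- Returns canonicalized OS version string and CPE, or nil on failure.
-- @param version_string raw banner text, e.g. "Windows Version 6.1 (Build 7601: Service Pack 1)"
-- @param hints optional table with vendor / family / generation
function M.canonicalize(version_string, hints)
  hints = hints or {}
  if hints.family == "Windows" or version_string:find("Windows", 1, true) then
    return parse_windows(version_string, hints)
  elseif hints.family == "Linux" or version_string:find("Linux", 1, true) then
    return parse_linux(version_string)
  end
  return nil
end

-- Stand-alone demo (`arg` exists under the lua interpreter, not in NSE):
if arg then
  print(M.canonicalize("Windows Version 6.1 (Build 7601: Service Pack 1)"))
  -- "Windows 7 SP1"  "cpe:/o:microsoft:windows_7::sp1"
  print(M.canonicalize("Windows 6.1 (Build 7601)", { generation = "2008 R2" }))
  -- "Windows Server 2008 R2 SP1"  "cpe:/o:microsoft:windows_server_2008:r2:sp1"
  print(M.canonicalize("Windows 6.1"))            -- general name, no SP
  print(M.canonicalize("blah blah Linux 3.14.2")) -- "Linux 3.14"
  print(M.canonicalize("Windows 4.0"))            -- nil: not in the table
end

return M
```

Run it as `lua osversion.lua` to see the demo lines; as an NSE library it would be required like any other module, and the two return values are what a script would hand to nmap.set_port_version() via port.version.ostype and port.version.cpe. Checking for a nil first return value is the "did parsing fail" test Dan asks for.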