Nmap Development mailing list archives
Re: [Enhancement]Microsoft Version Table
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 15 Jun 2015 07:39:56 -0500
Gyani,

Now that you've had a bit more experience with NSE and with adding libraries, I'd like to see if you can convert this into a library for general-purpose canonicalization of OS version strings and generation of CPE info. You can see examples of this kind of parsing and canonicalization in smb-os-discovery (I added a couple in r34637, for instance) and in the cpeify-os.py script in the nmap-private-dev repository (I can give you more info on this privately).

I'm imagining an interface like this:

--- Returns canonicalized OS version string and CPE(s)
-- @param version_string A string containing OS version information, e.g. "Windows Version 6.1 (Build 7601: Service Pack 1)" or "blah blah Linux 3.14.2"
-- @param hints A table with known version information to help with parsing the version_string
-- @return A canonicalized OS version string, e.g. "Windows 7 SP1" or "Linux 3.14"
-- @return An OS CPE string for the OS version (Maybe there could be more than one?)

--- Hints table
--
-- The fields are the same as the fields in the Class line of nmap-os-db
-- @field vendor OS vendor, e.g. "Microsoft" or "Linux"
-- @field family OS family, e.g. "Windows" or "Linux"
-- @field generation OS generation, e.g. "7" or "3.X"

I would expect this could be used to extract OS info from service banners. Maybe we could even fill in any missing info in the hints table? It should be easy for the script to determine if the parsing failed somehow. Scripts could even use this to set port.version.ostype and port.version.cpe with nmap.set_port_version().

Since you mentioned that the Windows build number is not always available, I'd suggest a hierarchical structure for the lookup table, so that a more general name can be returned if the build number is not present. Be sure to name your source of information so that we can keep the table up-to-date.

Since the parsing code could easily get very large and complicated, start by targeting the small range of strings that smb-os-discovery already handles, then convert that script to use the new library. We can add more capability as we have a need.

Dan

On Mon, Feb 2, 2015 at 11:21 AM, Gyanendra Mishra <anomaly.the () gmail com> wrote:
Hi List,

I have added a zip file that contains:

- microsoft-version-table.lua, a library file that contains a table of Windows names with their minor and major versions, type and build numbers. It has two helper functions, get_windows_name() and already_processed(). The former tells the long name depending on the information supplied to it. The other function is used to check if a given server has already been processed.
- A modified smb-mbenum.nse file that now uses another argument, smb-mbenum.name; if set to 1 it shows the Windows name of a particular system on the network only once. It shows the name for each entry by default. It uses the get_windows_name and the already_processed functions.
- Two output files, one containing the output when name is set to one and the other containing the default output.

I am not able to grab build numbers or the server type, which would help in differentiating between two Windows versions using the same major and minor versions. David has suggested that I look into other easier scripts that may need the function, and I will. ndmp-version seems to be one such script.

Gyanendra
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
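As an added example (not code from this thread or from Nmap), here is a minimal Lua sketch of the interface Dan proposes: a hierarchical lookup keyed on the NT major.minor version, refined by build number when one is present and falling back to the general name otherwise, returning the canonical name and a CPE string, and nil when parsing fails. The module name os_version and the table entries are assumptions for illustration.

```lua
-- Hypothetical os_version.lua (added example, not Nmap code).
-- Hierarchical lookup: NT major.minor -> general name, then build -> service pack,
-- so a general name comes back when the build number is unavailable.
-- The entries below are assumed for illustration; record the real source of
-- each entry when filling the table in so it can be kept up to date.
local windows = {
  ["6.1"]  = { name = "Windows 7",   cpe = "cpe:/o:microsoft:windows_7",
               builds = { ["7601"] = "1" } },          -- assumed: 7600 is RTM, no SP
  ["6.3"]  = { name = "Windows 8.1", cpe = "cpe:/o:microsoft:windows_8.1", builds = {} },
  ["10.0"] = { name = "Windows 10",  cpe = "cpe:/o:microsoft:windows_10",  builds = {} },
}

local os_version = {}

--- Returns canonicalized OS version string and CPE
-- @param version_string e.g. "Windows Version 6.1 (Build 7601: Service Pack 1)"
-- @param hints optional table with vendor/family/generation fields, as in nmap-os-db
-- @return canonical name, or nil if nothing could be parsed (so callers detect failure)
-- @return CPE string for the OS version
function os_version.canonicalize(version_string, hints)
  hints = hints or {}
  local major, minor = version_string:match("Version (%d+)%.(%d+)")
  if version_string:find("Windows") or hints.family == "Windows" then
    local entry = major and windows[major .. "." .. minor]
    if not entry then return nil end
    local build = version_string:match("Build (%d+)")
    -- an explicit "Service Pack N" wins; otherwise infer the SP from the build number
    local sp = version_string:match("Service Pack (%d+)") or (build and entry.builds[build])
    if sp then
      return entry.name .. " SP" .. sp, entry.cpe .. "::sp" .. sp
    end
    return entry.name, entry.cpe   -- general name when build and SP are unknown
  end
  -- Linux: keep only major.minor, e.g. "blah blah Linux 3.14.2" -> "Linux 3.14"
  local lmajor, lminor = version_string:match("Linux (%d+)%.(%d+)")
  if lmajor then
    local ver = lmajor .. "." .. lminor
    return "Linux " .. ver, "cpe:/o:linux:linux_kernel:" .. ver
  end
  return nil
end

return os_version
```

A script would call os_version.canonicalize(banner, { family = "Windows" }) and, on a non-nil result, pass the name and CPE to nmap.set_port_version() as the thread suggests.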