Nmap Development mailing list archives
Recent changes to -sV and softmatches
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 12 Feb 2018 23:52:33 -0600
Hi, Nmap devs and users!

Recently, I pushed a series of 3 changes that update the way Nmap does service and application version detection. Hopefully, these will result in better detection of services on unusual ports as well as speed up detection of some services on very common ports. The full documentation for version detection, including a description of the softmatch mechanism, is in Nmap Network Scanning chapter 7 [1].

First, r37130 aligns the code with the documentation. A softmatch is supposed to limit subsequent probes to those that have a possibility of matching the softmatched service. Instead, Nmap was continuing to send all the probes with matching port numbers, even if they were not known to match the softmatched service. The fix will reduce the number of probes sent by only sending the most likely probes after a softmatch, speeding up service detection.

Second, r37131 expands the --version-all option to really send all probes, even if a softmatch is found. This will be useful for finding existing probes that elicit a response from new services, even if Nmap doesn't know how to match those services yet. The same applies to --version-intensity 9, since --version-all is just an alias for that.

Last, r37138 allows Nmap to send likely (matching service) probes after a softmatch even if the rarity exceeds the version intensity. In other words, a softmatch causes Nmap to ignore --version-intensity or --version-light options. Since the number of possible probes is already very limited due to the softmatch (especially after the first change above), extending to unusual probes will not add much extra time and ought to greatly improve detection of services on unusual ports.

I welcome your feedback on these changes.

Dan

[1] Nmap Network Scanning, chapter 7: "Service and Application Version Detection" https://nmap.org/book/vscan.html
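A simplified model of the probe-selection rules described in the message above, added here as an example and not Nmap's own code. The probe names, ports, rarities and service lists are constructed, and the legacy branch assumes that before r37130 port-matching probes were sent regardless of rarity while service-matching ones were still capped by intensity.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Probe:
    name: str
    rarity: int            # 1 = very common probe, 9 = very rare
    ports: frozenset       # ports the probe is registered for
    services: frozenset    # services its match lines can identify

def select_probes(probes, port, intensity, softmatch=None,
                  version_all=False, legacy=False):
    """Return the names of probes still eligible to be sent against `port`.
    softmatch: service name from an earlier soft match, or None.
    legacy=True models the pre-r37130 behaviour for comparison.
    (Already-sent probes are not tracked here; Nmap does not resend them.)"""
    chosen = []
    for p in probes:
        port_match = port in p.ports
        if version_all:
            # r37131: --version-all / intensity 9 sends everything, softmatch or not
            chosen.append(p.name)
        elif softmatch is None:
            # no softmatch yet: port-registered probes plus anything within intensity
            if port_match or p.rarity <= intensity:
                chosen.append(p.name)
        elif legacy:
            # old behaviour: port-matching probes kept even if they cannot match
            # the softmatched service; service-matching ones still capped by intensity
            if port_match or (softmatch in p.services and p.rarity <= intensity):
                chosen.append(p.name)
        else:
            # r37130: only probes able to match the softmatched service
            # r37138: the rarity/intensity cap no longer applies to them
            if softmatch in p.services:
                chosen.append(p.name)
    return chosen

# Constructed probe table (values are illustrative, not from nmap-service-probes)
PROBES = [
    Probe("GetRequest",        1, frozenset({80, 443, 8080}), frozenset({"http"})),
    Probe("HTTPOptions",       4, frozenset({80, 443, 8080}), frozenset({"http"})),
    Probe("FourOhFourRequest", 7, frozenset({80, 8080}),      frozenset({"http"})),
    Probe("SIPOptions",        5, frozenset({5060, 8080}),    frozenset({"sip"})),
    Probe("SSLSessionReq",     3, frozenset({443}),           frozenset({"ssl"})),
    Probe("RareHttpProbe",     8, frozenset({8888}),          frozenset({"http"})),
]

if __name__ == "__main__":
    # Port 8080 soft-matched as http at the default intensity of 7
    print("legacy :", select_probes(PROBES, 8080, 7, "http", legacy=True))
    print("current:", select_probes(PROBES, 8080, 7, "http"))
```

With the softmatch, the current rules drop SIPOptions (port match only) and pick up RareHttpProbe despite its rarity, which is the combined effect of r37130 and r37138.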