Nmap Development mailing list archives
Re: new service probes (Re: Nmap 3.51-TEST3: MAC address lookup & display)
From: Fyodor <fyodor () insecure org>
Date: Mon, 5 Jul 2004 01:27:25 -0700
On Thu, May 27, 2004 at 10:34:25AM +0200, Martin Mačok wrote:

> My patch against nmap-service-probes 1.36 is at http://Xtrmntr.org/ORBman/tmp/nmap-service-probes.patch

Thanks! I have applied it for the next version of Nmap (coming soon ... quite possibly before I leave for HOPE 5 on Wednesday). I made some small changes. Mostly they involved getting rid of stuff like the data and hostname from the extrainfo field. It is tempting to put any info available from the banner there, but I try to be quite selective to prevent the port lines from getting too long. Saving 20 characters could allow for some cool new feature later. I also changed MS to "Microsoft" since that is used in the rest of the file. I got rid of the match on "HTTP/1\.1 200 OK\r\nContent-Location: (http://[.\d]+/.*)\r\n" for IIS, as that seems pretty sketchy.

Regarding your TODOs:

> - fix broken ``$Revision X.Y$'' entries in the file (messing with CVS) (lines prepended with #FIXME - I don't know how exactly they should look like)

I could make the file binary (-kb flag), but then the Revision number in the header wouldn't be updated either. Maybe that is worth it. For now I just changed "$Revision" to "$Re..sion" in the two places they occur. That prevents the substitution while still working as a regex.

> - I have seen behaviour when sometimes GetRequest missed and HTTPOptions matched (with the same pattern), sometimes not ... probably the host was too slow ?

I would be interested in learning more about this. --version_trace may help in those instances to see what is going on.

> - some probes are commented out to not slow down the scan in general case, but they're there if someone wants them (handy)

Great! I hope to soon add a flag in the file that will cause special-purpose probes like these to only be used if the port matches, and not during the brute force try-all-probes stage, unless version scanning intensity is increased through another new flag.

> Please, apply.

Done. Besides being in the next version of Nmap, it is available at http://www.insecure.org/nmap/data/nmap-service-probes . Sorry it took me a month to reply. I've been focusing on my upcoming Nmap book, but am taking a break for July to work on Nmap and Insecure.Org.

Cheers,
-F

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
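The "$Re..sion" workaround described in the message above, shown as an added example that is not part of the original e-mail or of Nmap's code. It uses a simplified model of CVS keyword expansion (an assumption: only the Revision keyword is handled); the service name `exampled`, the banner and the revision numbers are constructed.

```python
import re

# Simplified model of CVS keyword expansion (assumption, Revision only):
# "$Revision$" or "$Revision: <text> $" on one line is rewritten to
# "$Revision: <file revision> $" whenever the file is checked out.
CVS_REVISION = re.compile(r"\$Revision(?::[^$\n]*)?\$")


def cvs_expand(line, file_revision):
    """Return the line as it would look after keyword substitution."""
    return CVS_REVISION.sub(lambda m: f"$Revision: {file_revision} $", line)


# Constructed patterns in the style of a version-detection regex;
# they are not lines taken from nmap-service-probes.
NAIVE = r"^exampled \$Revision: ([\d.]+) \$"  # contains the literal keyword
SAFE = r"^exampled \$Re..sion: ([\d.]+) \$"   # ".." still matches "vi"

# Constructed banner from a hypothetical service that embeds its own
# CVS revision string.
BANNER = "exampled $Revision: 2.14 $ ready"


def extract_version(pattern, banner):
    """Apply a match pattern to a banner and return the captured version."""
    m = re.search(pattern, banner)
    return m.group(1) if m and m.groups() else None


if __name__ == "__main__":
    for name, pattern in (("naive", NAIVE), ("safe", SAFE)):
        stored = cvs_expand(pattern, "1.37")  # what ends up in the working copy
        print(f"{name:5} stored as: {stored}")
        print(f"{name:5} extracts : {extract_version(stored, BANNER)}")
```

The trade-off is that `..` accepts any two characters, so the pattern is slightly looser than the literal keyword.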