Nmap Development mailing list archives

Re: new service probes (Re: Nmap 3.51-TEST3: MAC address lookup & display)


From: Fyodor <fyodor () insecure org>
Date: Mon, 5 Jul 2004 01:27:25 -0700

On Thu, May 27, 2004 at 10:34:25AM +0200, Martin Mačok wrote:

> My patch against nmap-service-probes 1.36 is at
> http://Xtrmntr.org/ORBman/tmp/nmap-service-probes.patch

Thanks!  I have applied it for the next version of Nmap (coming soon
... quite possibly before I leave for HOPE 5 on Wednesday).  I made
some small changes.  Mostly they involved getting rid of stuff like
the data and hostname from the extrainfo field.  It is tempting to put
any info available from the banner there, but I try to be quite
selective to prevent the port lines from getting too long.  Saving 20
characters could allow for some cool new feature later.  I also
changed MS to "Microsoft" since that is used in the rest of the file.
I got rid of the match on "HTTP/1\.1 200 OK\r\nContent-Location:
(http://[.\d]+/.*)\r\n" for IIS, as that seems pretty sketchy.

Regarding your TODOs:

>    - fix broken ``$Revision X.Y$'' entries in the file (messing with CVS)
>      (lines prepended with #FIXME - I don't know how exactly they
>      should look)

I could make the file binary (-kb flag), but then the Revision number
in the header wouldn't be updated either.  Maybe that is worth it.
For now I just changed "$Revision" to "$Re..sion" in the two places
they occur.  That prevents the substitution while still working as a
regex.

>    - I have seen behaviour when sometimes GetRequest missed and
>      HTTPOptions matched (with the same pattern), sometimes not ...
>      probably the host was too slow ?

I would be interested in learning more about this.  --version_trace
may help in those instances see what is going on.

>    - some probes are commented out to not slow down the scan in
>      general case, but they're there if someone wants them (handy)

Great!  I hope to soon add a flag in the file that will cause
special-purpose probes like these to only be used if the port matches,
and not during the brute force try-all-probes stage, unless version
scanning intensity is increased through another new flag.

> Please, apply.

Done.  Besides being in the next version of Nmap, it is available at
http://www.insecure.org/nmap/data/nmap-service-probes .

Sorry it took me a month to reply.  I've been focusing on my upcoming
Nmap book, but am taking a break for July to work on Nmap and
Insecure.Org.

Cheers,
-F

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org
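An added example, not from this thread and not Nmap's own matching code, showing why the "$Re..sion" spelling discussed above survives a CVS checkout while still matching a banner whose own "$Revision: x.y $" keyword was expanded. It assumes a simplified form of the nmap-service-probes `match` directive (service name, `m|regex|` pattern, and `p/`, `v/`, `i/`, `h/` version fields with `$1`-style backreferences); the directive lines, the FooDaemon banner and the CVS keyword expansion are all constructed here, and CVS is emulated with a regex rather than run.

```python
import re

# Emulation of CVS keyword expansion: on checkout, "$Revision$" or
# "$Revision: x.y $" is rewritten to "$Revision: <current> $".
# Constructed approximation for this example, not CVS itself.
CVS_KEYWORD = re.compile(r'\$Revision(?::[^$]*)?\$')

def cvs_expand(text, revision="1.37"):
    """Rewrite every $Revision keyword in text the way CVS would."""
    return CVS_KEYWORD.sub('$Revision: %s $' % revision, text)

# Assumed (simplified) shape of a nmap-service-probes match directive:
#   match <service> m<delim>regex<delim>[is] [p/../] [v/../] [i/../] [h/../]
MATCH_DIRECTIVE = re.compile(r'^match\s+(\S+)\s+m(.)(.*?)\2([is]*)\s*(.*)$')

def parse_match(line):
    """Split a match line into (service, compiled regex, versioninfo dict)."""
    m = MATCH_DIRECTIVE.match(line)
    if not m:
        raise ValueError("not a match directive: %r" % line)
    service, _delim, pattern, flags, rest = m.groups()
    re_flags = 0
    if 'i' in flags:
        re_flags |= re.IGNORECASE
    if 's' in flags:
        re_flags |= re.DOTALL
    # versioninfo fields: p/product/ v/version/ i/extrainfo/ h/hostname/
    fields = dict(re.findall(r'\b([pvih])/([^/]*)/', rest))
    return service, re.compile(pattern, re_flags), fields

def match_banner(line, banner):
    """Apply one match directive to a banner.

    Returns (service, filled-in versioninfo) on a hit, None otherwise.
    """
    service, regex, fields = parse_match(line)
    m = regex.search(banner)
    if not m:
        return None

    def fill(template):
        # $1, $2, ... in a version field refer to the regex capture groups
        return re.sub(r'\$(\d)', lambda g: m.group(int(g.group(1))) or '', template)

    return service, {k: fill(v) for k, v in fields.items()}

# Constructed directives.  NAIVE_LINE spells "$Revision" literally, which
# is what the #FIXME entries looked like before the fix; SAFE_LINE uses the
# "$Re..sion" spelling, where the two dots are ordinary regex wildcards.
NAIVE_LINE = r'match foodaemon m|^FooDaemon \$Revision: ([\d.]+) \$| p/FooDaemon/ v/$1/'
SAFE_LINE = r'match foodaemon m|^FooDaemon \$Re..sion: ([\d.]+) \$| p/FooDaemon/ v/$1/'

# Constructed banner, as a server whose own source was checked out of CVS
# might greet a client after its keyword was expanded.
BANNER = 'FooDaemon $Revision: 1.36 $\r\n'

if __name__ == "__main__":
    print(cvs_expand(NAIVE_LINE))   # the regex inside the directive is corrupted
    print(cvs_expand(SAFE_LINE))    # unchanged: CVS does not recognise $Re..sion
    print(match_banner(SAFE_LINE, BANNER))
    print(match_banner(cvs_expand(NAIVE_LINE), BANNER))
```

Checking in the naive spelling means the keyword inside the regex is itself rewritten on checkout, so the directive stops matching the very banners it was written for; the two wildcard dots keep the pattern text out of CVS's reach at the cost of also matching "$Reaasion" and friends, which is harmless in practice.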
