Nmap Development mailing list archives
Re: SSH Survey Results
From: "Joshua D. Abraham" <jabra () ccs neu edu>
Date: Thu, 15 Jun 2006 09:01:44 -0400
Awesome work Doug. I'm wondering if you thought about the idea of the soft fingerprint match to help with OS detection as I suggested a month ago? --Josh On 15.Jun.2006 04:03AM -0700, doug () hcsw org wrote:
Hi nmap-dev! One of the projects I elected to take on for this Google Summer of Code is a large SSH scan against random hosts on the internet in order to refine and update Nmap's SSH version detection. SSH is becoming more and more common of a protocol and is rarely filtered to the extent many services are (SMB, telnet, etc) so performing version detection (-sV) on remote SSH ports is often the fastest and most reliable remote device profiling method. I know when I'm doing a quick survey of my internal network (what IP is that box using again?) I usually look at the MAC OUI vendor if I'm on the same ethernet or the SSH version otherwise. The SSH protocol is short and simple but don't let that sway you: the information from it can be quite useful! So, ladies and gentlemen, I'm pleased to announce the results of the SoC 2006 SSH scan! Nearly 8000 open port 22s were discovered. Of them, about 98.7% had running SSH daemons. The fact that 1.3% of the open ports were not in fact SSH daemons, to me, underscores the importance of performing Nmap's version detection. When you assume an open port 22 is SSH you may be wrong more than once every hundred times! Without further ado, here are the results of the scan broken down into categories: (("OpenSSH" 4936) ("Debian/OpenSSH" 808) ("FreeBSD/OpenSSH" 545) ("Cisco" 284) ("SCS SSH" 258) ("SCS SSH (non-commercial)" 150) ("dropbear" 98) ("Ubuntu/OpenSSH" 58) ("SunSSH/OpenSSH" 58) ("RomCliSecure" 50) ("HUAWEI-VRP" 35) ("Akamai" 30) ("xxxxxxx Fortinet VPN/firewall sshd" 28) ("NetScreen" 26) ("libssh" 19) ("VRP" 19) ("lancom" 19) ("Mikrotik/OpenSSH" 18) ("NetBSD/OpenSSH" 17) ("Rad SFTP" 12) ("RemotelyAnywhere/OpenSSH" 10) ("FortiSSH" 9) ("WinSSHD/libssh" 7) ("X Cisco VPN Concentrator SSHd" 5) ("Mocana SSH" 5) ("F-Secure" 4) ("Dlink SSH" 3) ("mpSSH" 3) ("F-Secure winNT" 3) ("VShell win32/unix" 3) ("WeOnlyDo" 2) ("GlobalScape/libssh" 2) ("lshd" 2) ("Radware" 2) ("FreSSH" 2) ("IPSSH" 2) ("cryptlib" 2) ("miniBSD/OpenSSH" 1) ("WeOnlyDo" 1) ("AOS SSH" 1) ("RedlineNetworks/OpenSSH" 1) ("F-Secure dss-only" 1) ("SSH Compatible Server" 1) ("Neteyes" 1) ("DigiSSH" 1) ("Tru64 SSH" 1) ("Tasman router sshd" 1)) As was previously expected, OpenSSH is *by far* the most popular SSH server currently in use on the internet. How about a breakdown of its versions? (("3.9p1" 897) ("3.6.1p2" 844) ("3.8.1p1 Debian-8.sarge.4" 484) ("3.7.1p2" 358) ("3.5p1" 355) ("3.1p1" 349) ("4.2" 303) ("4.1" 273) ("3.5p1 FreeBSD-20030924" 224) ("4.3" 209) ("3.4p1" 204) ("3.8.1p1" 193) ("4.0" 174) ("3.6p1" 150) ("3.8.1p1 FreeBSD-20040419" 135) ("3.7.1p2 Debian 1:3.7.1p2-1.2" 113) ("3.4p1 Debian 1:3.4p1-1.woody.3" 88) ("4.2p1 FreeBSD-20050903" 81) ("3.7.1p1" 78) ("3.8p1" 76) ("3.6.1p1+CAN-2004-0175" 61) ("2.9p2" 44) ("3.6.1" 40) ("4.2p1 Debian-8" 33) ("3.0.2p1" 32) ("2.3.0p1" 29) ("4.1p1 Debian-7ubuntu4.1" 25) ("3.8.1p1 FreeBSD-20060123" 25) ("2.5.2p2" 24) ("3.6.1p1 FreeBSD-20030924" 23) ("2.9.9p2" 22) ("4.2p1 Debian-5" 22) ("3.4p1 FreeBSD-20020702" 19) ("1.2" 19) ("2.3.0_Mikrotik_v2.9" 18) ("3.9.0p1" 17) ("3.5p1 FreeBSD-20030201" 16) ("3.8" 13) ("3.4" 13) ("3.2.3p1" 13) ("4.2p1 Debian-7ubuntu3" 12) ("3.5" 12) ("3.4p1+CAN-2004-0175" 11) ("3.7p1" 10) ("4.2p1 Debian-7" 10)) And finally, what about the protocol versions in use? (("1.99" 4262) ("2.0" 2912) ("1.5" 382)) After processing this data as carefuly as possible, I proceeded to use the data to enhance the SSH match lines in the nmap-service-probes file. I added 29 new SSH match lines bringing us up to 76 as well as refining and updating numerous others. Probably the most useful modification is the refined OpenSSH match lines. We now should get more detailed and accurate service-detection operating system and device type guesses based on SSH. Also, numerous new match lines have been added, giving Nmap's version detection the capability of recognising SSH daemons such as, to name a few, * HUAWEI VRP routers * Fortinet VPN/firewalls * FreSSH * DLink routers sshd * RemotelyAnywhere * etc Finally, I took the time to reorganise and refine some of the match lines. For instance, it might not be obvious to everybody that mpSSH is, in fact, Hewlett Packard's Integrated Lights Out SSH daemon. I'm attaching a patch to Nmap 4.10's nmap-service-probes file. Enjoy! Doug
--- nmap-service-probes.orig 2006-06-12 16:29:24.000000000 -0700 +++ nmap-service-probes 2006-06-15 02:12:38.000000000 -0700 @@ -1488,60 +1488,101 @@ match sourceoffice m|^200\r\nProtocol-Version:(\d[.\d]+)\r\nMessage-ID:\d+\r\nDatabase .*\r\nContent-Length:\d+\r\n\r\n(\w:\\.*ini)\r\n\r\n| p/Sourcegear SourceOffSite/ i/Protocol $1; INI file: $2/ match sourceoffice m|^250\r\nProtocol-Version:(\d[.\d]+)\r\nMessage-ID:\d+\r\nDatabase .*\r\nContent-Length:\d+\r\nKey Length:(\d+)\r\n\r\n.*(\w:\\.*ini)\r\n\r\n|s p/Sourcegear SourceOffSite/ i/Protocol $1; Key len: $2; INI file: $3/ + match ssh m|^\0\0\0\$\0\0\0\0\x01\0\0\0\x1bNo host key is configured!\n\r!\"v| p/Foundry Networks switch sshd/ i/broken: No host key configured/ match ssh m|^SSH-(\d[\d.]+)-SSF-(\d[-.\w]+)\n| p/SSF French SSH/ v/$2/ i/protocol $1/ match ssh m|^SSH-(\d[\d.]+)-lshd_(\d[-.\w]+) lsh - a free ssh\r\n\0\0| p/lshd secure shell/ v/$2/ i/protocol $1/ -match ssh m/^SSH-([.\d]+)-OpenSSH[_-](\S+ Debian-7ubuntu3)/i o/Linux/ p/OpenSSH/ v/$2/ i/protocol $1/ -match ssh m/^SSH-([.\d]+)-OpenSSH[_-]([\S ]+)/i p/OpenSSH/ v/$2/ i/protocol $1/ match ssh m/^SSH-([.\d]+)-Sun_SSH_(\S+)/ p/SunSSH/ v/$2/ i/protocol $1/ match ssh m/^SSH-([.\d]+)-meow roototkt by rebel/ p/meow SSH ROOTKIT/ i/protocol $1/ -match ssh m/^SSH-([.\d]+)-(\d+\.\d+\.\d+) SSH Secure Shell/ p/F-Secure SSH Secure Shell/ v/$2/ i/protocol $1/ -match ssh m|^sshd: SSH Secure Shell (\d[-.\w]+) on ([-.\w]+)\nSSH-(\d[.\d]+)-| p/F-Secure SSH Secure Shell/ v/$1/ i/on $2; protocol $3/ -match ssh m|^sshd: SSH Secure Shell (\d[-.\w]+) \(([^\r\n\)]+)\) on ([-.\w]+)\nSSH-(\d[.\d]+)-| p/F-Secure SSH Secure Shell/ v/$1/ i/$2; on $3; protocol $4/ -match ssh m|^sshd2\[\d+\]: .*\r\nSSH-(\d[\d.]+)-(\d[-.\w]+) SSH Secure Shell \(([^\r\n\)]+)\)\r\n| p/F-Secure SSH Secure Shell/ v/$2/ i/protocol $1/ -match ssh m/^SSH-([.\d]+)-(\d+\.\d+\.[-.\w]+)/ p/SSH/ v/$2/ i/protocol $1/ # Akamai hosted systems tend to run this - found on www.microsoft.com match ssh m|^SSH-(\d[.\d]*)-AKAMAI-I\n$| p/Akamai-I SSH/ i/protocol $1/ match ssh m|^SSH-(\d[.\d]*)-Server-V\n$| p/Akamai-I SSH/ i/protocol $1/ match ssh m|^SSH-(\d[.\d]*)-Server-VI\n$| p/Akamai-I SSH/ i/protocol $1/ match ssh m|^SSH-(\d[.\d]+)-Cisco-(\d[.\d]+)\n$| p/Cisco SSH/ v/$2/ i/protocol $1/ match ssh m|^\r\nDestination server does not have Ssh activated\.\r\nContact Cisco Systems, Inc to purchase a\r\nlicense key to activate Ssh\.\r\n| p/Cisco CSS SSH/ i/Unlicensed/ -match ssh m|^SSH-(\d[.\d]+)-SSH Protocol Compatible Server SCS (\d[-.\w]+)\n| p/NetScreen SCS sshd/ v/$2/ i/protocol $1/ -match ssh m|^SSH-(\d[.\d]+)-VShell_(\d[._\d]+) VShell\r\n$| p/VanDyke VShell/ v/$SUBST(2,"_",".")/ i/protocol $1/ -match ssh m|^SSH-2\.0-0\.0 \r\n| p/VanDyke VShell/ i/version info hidden/ -match ssh m/^SSH-([.\d]+)-(\d[-.\w]+) sshlib: WinSSHD (\d[-.\w]+)\r\n/ p/Bitvise WinSSHD/ v/$3/ i/protocol $1/ o/Windows/ -match ssh m/^SSH-([.\d]+)-(\d[-.\w]+) sshlib: WinSSHD\r\n/ p/Bitvise WinSSHD/ i/protocol $1; server version hidden/ o/Windows/ +match ssh m|^SSH-(\d[.\d]+)-VShell_(\d[._\d]+) VShell\r\n$| p/VanDyke VShell sshd/ v/$SUBST(2,"_",".")/ i/protocol $1/ +match ssh m|^SSH-2\.0-0\.0 \r\n| p/VanDyke VShell sshd/ i/version info hidden; protocol 2.0/ +match ssh m|^SSH-([\d.]+)-([\d.]+) VShell\r\n| p/VanDyke VShell/ v/$2/ i/protocol $1/ +match ssh m/^SSH-([.\d]+)-(\d[-.\w]+) sshlib: WinSSHD (\d[-.\w]+)\r\n/ p/Bitvise WinSSHD/ v/$3/ i/sshlib $2; protocol $1/ o/Windows/ +match ssh m/^SSH-([.\d]+)-(\d[-.\w]+) sshlib: WinSSHD\r\n/ p/Bitvise WinSSHD/ i/sshlib $2; protocol $1; server version hidden/ o/Windows/ # Cisco VPN 3000 Concentrator # Cisco VPN Concentrator 3005 - Cisco Systems, Inc./VPN 3000 Concentrator Version 4.0.1.B Jun 20 2003 match ssh m/^SSH-([.\d]+)-OpenSSH\n$/ p/OpenSSH/ i/protocol $1/ d/terminal server/ -match ssh m/^SSH-([.\d]+)-([.\d]+) Radware\n$/ p/Radware Linkproof SSH/ v/$2/ i/protocol $1/ d/terminal server/ match ssh m|^SSH-1\.5-X\n| p/Cisco VPN Concentrator SSHd/ i/protocol 1.5/ d/terminal server/ match ssh m|^SSH-([\d.]+)-NetScreen\r\n| p/NetScreen sshd/ i/protocol $1/ d/firewall/ -match ssh m|^SSH-1\.5-FucKiT RootKit by Cyrax\n| p/FucKiT RootKit sshd/ i/protocol 1.5/ o/Linux/ +match ssh m|^SSH-1\.5-FucKiT RootKit by Cyrax\n| p/FucKiT RootKit sshd/ i/**BACKDOOR** protocol 1.5/ o/Linux/ match ssh m|^SSH-2\.0-dropbear_([\w.]+)\r\n| p/Dropbear sshd/ v/$1/ i/protocol 2.0/ match ssh m|^Access to service sshd from [\w-_.]+@[\w-_.]+ has been denied\.\r\n| p/libwrap'd OpenSSH/ i/Access denied/ match ssh m|^SSH-2\.0-FortiSSH_([\d.]+)\n| p/FortiSSH/ v/$1/ i/protocol 2.0/ match ssh m|^SSH-([\d.]+)-cryptlib\r?\n| p/APC AOS cryptlib sshd/ i/protocol $1/ o/AOS/ -match ssh m|^SSH-2\.0-1\.0 Radware SSH \r\n| p/Radware sshd/ i|protocols 1.0/2.0| d/firewall/ -match ssh m|^SSH-1\.5-By-ICE_4_All \( Hackers Not Allowed! \)\n| p/ICE_4_All backdoor sshd/ i/protocol 1.5/ -match ssh m|^SSH-2\.0-mpSSH_([\d.]+)\n| p/mpSSH/ v/$1/ i/protocol 2.0/ -# This is a strange one. The linksys WRT45G pretends to be OpenSSH, -# but doesn't do a great job: -match ssh m|^SSH-2\.0-OpenSSH\r\n| p/Linksys WRT45G modified dropbear sshd/ i/protocol 2.0/ d/router/ +match ssh m/^SSH-([.\d]+)-([.\d]+) Radware\n$/ p/Radware Linkproof SSH/ v/$2/ i/protocol $1/ d/terminal server/ +match ssh m|^SSH-2\.0-1\.0 Radware SSH \r\n| p/Radware sshd/ i|protocol 2.0| d/firewall/ +match ssh m|^SSH-([\d.]+)-Radware_([\d.]+)\r\n| p/Radware sshd/ v/$2/ i/protocol $1/ d/firewall/ +match ssh m|^SSH-1\.5-By-ICE_4_All \( Hackers Not Allowed! \)\n| p/ICE_4_All backdoor sshd/ i/**BACKDOOR** protocol 1.5/ +match ssh m|^SSH-2\.0-mpSSH_([\d.]+)\n| p/HP Integrated Lights Out mpSSH/ v/$1/ i/protocol 2.0/ match ssh m|^SSH-2\.0-Unknown\n| p/Allot Netenforcer OpenSSH/ i/protocol 2.0/ match ssh m|^SSH-2\.0-FrSAR ([\d.]+) TRUEX COMPT 32/64\r\n| p/FrSAR truex compt sshd/ v/$1/ i/protocol 2.0/ -match ssh m|^SSH-2\.0-(\d+)\n| p/Netpilot config access/ v/$1/ i/protocol 2.0/ -match ssh m|^SSH-2\.0-RomCliSecure_([\d.]+)\r\n| p/Adtran Netvanta RomCliSecure sshd/ v/$1/ i/protocol 2.0/ -match ssh m|^SSH-2\.0-([\d.]+) sshlib: GlobalScape\r\n| p/GlobalScape CuteFTP sshd/ v/$1/ o/Windows/ +match ssh m|^SSH-2\.0-(\d{8,12})\n| p/Netpilot config access/ v/$1/ i/protocol 2.0/ +match ssh m|^SSH-([\d.]+)-RomCliSecure_([\d.]+)\r\n| p/Adtran Netvanta RomCliSecure sshd/ v/$2/ i/protocol $1/ +match ssh m|^SSH-([\d.]+)-([\d.]+) sshlib: GlobalScape\r\n| p/GlobalScape CuteFTP sshd/ i/sshlib $2; protocol $1/ o/Windows/ match ssh m|^SSH-2\.0-APSSH_([\w.]+)\n| p/APSSHd/ v/$1/ i/protocol 2.0/ match ssh m|^SSH-2\.0-Twisted\r\n| p/Kojoney SSH honeypot/ i/protocol 2.0/ match ssh m|^SSH-2\.0-Mocana SSH \r\n| p/Mocanada embedded SSH/ i/protocol 2.0/ match ssh m|^SSH-1\.99-InteropSecShell_([\d.]+)\n| p/InteropSystems SSH/ v/$1/ i/protocol 1.99/ o/Windows/ match ssh m|^SSH-2\.0-WeOnlyDo(-wodFTPD)? ([\d.]+)\r\n| p/WeOnlyDo sshd/ v/$2/ i/protocol 2.0/ o/Windows/ match ssh m|^SSH-2\.0-PGP\n| p/PHP Universal sshd/ i/protocol 2.0/ +match ssh m|^SSH-([\d.]+)-libssh-([\w-.]+)\r\n| p/libssh/ v/$2/ i/protocol $1/ +match ssh m|^SSH-([\d.]+)-HUAWEI-VRP([\d.]+)\n| p/HUAWEI VRP sshd/ v/$2/ i/protocol $1/ o/VRP/ d/router/ +match ssh m|^SSH-([\d.]+)-VRP-([\d.]+)\n| p/HUAWEI VRP sshd/ v/$2/ i/protocol $1/ o/VRP/ d/router/ +match ssh m|^SSH-([\d.]+)-lancom\r\n| p/lancom sshd/ i/protocol $1/ +match ssh m|^SSH-([\d.]+)-xxxxxxx\n| p|Fortinet VPN/firewall sshd| i/protocol $1/ d/firewall/ +match ssh m|^SSH-([\d.]+)-AOS_SSH\n| p/AOS sshd/ i/protocol $1/ o/AOS/ +match ssh m|^SSH-([\d.]+)-RedlineNetworksSSH_([\d.]+) Derived_From_OpenSSH-([\d.])+\n| p/RedLineNetworks sshd/ v/$2/ i/Derived from OpenSSH $3; protocol $1/ +match ssh m|^SSH-([\d.]+)-DLink Corp\. SSH server ver ([\d.]+)\n| p/DLink sshd/ v/$2/ i/protocol $1/ d/router/ +match ssh m|^SSH-([\d.]+)-FreSSH\.([\d.]+)\n| p/FreSSH/ v/$2/ i/protocol $1/ +match ssh m|^SSH-([\d.]+)-Neteyes-C-Series_([\d.]+)\r\n| p/Neteyes C Series load balancer sshd/ v/$2/ i/protocol $1/ d/load balancer/ +match ssh m|^SSH-([\d.]+)-IPSSH-([\d.]+)\r\n| p/Cisco IPSSHd/ v/$2/ i/protocol $1/ d/router/ o/IOS/ +match ssh m|^SSH-([\d.]+)-DigiSSH_([\d.]+)\n| p/Digi CM sshd/ v/$2/ i/protocol $1/ +match ssh m|^SSH-([\d.]+)-0 Tasman Networks Inc\.\n| p/Tasman router sshd/ i/protocol $1/ d/router/ +match ssh m|^SSH-([\d.]+)-([\w.]+)rad\n| p/Rad Java SFTPd/ v/$2/ i/protocol $1/ +# This is a strange one. The linksys WRT45G pretends to be OpenSSH, +# but doesn't do a great job: +match ssh m|^SSH-2\.0-OpenSSH\r\n| p/Linksys WRT45G modified dropbear sshd/ i/protocol 2.0/ d/router/ + +# F-Secure/WRQ +match ssh m|^SSH-([\d.]+)-([\d.]+) F-Secure SSH Windows NT Server\r\n| p/F-Secure WinNT sshd/ v/$2/ i/protocol $1/ o/Windows/ +match ssh m|^SSH-([\d.]+)-([\d.]+) dss F-SECURE SSH\r\n| p/F-Secure sshd/ v/$2/ i/dss-only; protocol $1/ +match ssh m|^SSH-([\d.]+)-([\d.]+) F-SECURE SSH.*\r\n| p/F-Secure sshd/ v/$2/ i/protocol $1/ + +# SCS +match ssh m|^SSH-(\d[.\d]+)-SSH Protocol Compatible Server SCS (\d[-.\w]+)\n| p/SCS NetScreen sshd/ v/$2/ i/protocol $1/ +match ssh m|^SSH-([\d.]+)-SSH Compatible Server\n| p/SCS NetScreen sshd/ i/protocol $1/ +match ssh m|^SSH-([\d.]+)-([\d.]+) SSH Secure Shell Tru64 UNIX\r\n| p/SCS sshd/ v/$2/ i/protocol $1/ o/Tru64 Unix/ +match ssh m/^SSH-([.\d]+)-(\d+\.\d+\.\d+) SSH Secure Shell/ p/SCS sshd/ v/$2/ i/protocol $1/ +match ssh m|^sshd: SSH Secure Shell (\d[-.\w]+) on ([-.\w]+)\nSSH-(\d[.\d]+)-| p/SCS SSH Secure Shell/ v/$1/ i/on $2; protocol $3/ +match ssh m|^sshd: SSH Secure Shell (\d[-.\w]+) \(([^\r\n\)]+)\) on ([-.\w]+)\nSSH-(\d[.\d]+)-| p/SCS sshd/ v/$1/ i/$2; on $3; protocol $4/ +match ssh m|^sshd2\[\d+\]: .*\r\nSSH-(\d[\d.]+)-(\d[-.\w]+) SSH Secure Shell \(([^\r\n\)]+)\)\r\n| p/SCS sshd/ v/$2/ i/protocol $1/ +match ssh m/^SSH-([.\d]+)-(\d+\.\d+\.[-.\w]+)/ p/SCS sshd/ v/$2/ i/protocol $1/ + +# OpenSSH +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+)[ -]Debian[ -]([^\r\n]ubuntu[\d.]+)\n| p/OpenSSH/ v/$2 Debian $3/ i/protocol $1/ o/Linux/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+)[ -]Debian[ -]([^\r\n]+)\n| p/OpenSSH/ v/$2 Debian $3/ i/protocol $1/ o/Linux/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) FreeBSD-([\d]+)\n| p/OpenSSH/ v/$2/ i/FreeBSD $3; protocol $1/ o/FreeBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) FreeBSD localisations (\d+)\n| p/OpenSSH/ v/$2/ i/FreeBSD $3; protocol $1/ o/FreeBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) miniBSD-([\d]+)\n| p/OpenSSH/ v/$2/ i/MiniBSD $3; protocol $1/ o/MiniBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) NetBSD_Secure_Shell-([\d]+)\n| p/OpenSSH/ v/$2/ i/NetBSD $3; protocol $1/ o/NetBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+)_Mikrotik_v([\d.]+)\n| p/OpenSSH/ v/$2 mikrotik $3/ i/protocol $1/ d/router/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) in RemotelyAnywhere ([\d.]+)\n| p/OpenSSH/ v/$2/ i/RemotelyAnywhere $3; protocol $1/ o/Windows/ + +# Choose 1 of the following: +# 1) Match all OpenSSHs: +#match ssh m/^SSH-([.\d]+)-OpenSSH[_-]([\S ]+)/i p/OpenSSH/ v/$2/ i/protocol $1/ +# 2) Don't match unknown SSHs (and generate fingerprints) +match ssh m/^SSH-([.\d]+)-OpenSSH[_-]([\w.]+)\n/i p/OpenSSH/ v/$2/ i/protocol $1/ softmatch ssh m/^SSH-([.\d]+)-/ i/protocol $1/ + match soldat m|^Soldat Admin Connection Established\.\.\.\r\nAdmin connected\.\r\n| p/Soldat multiplayer-game server/ match solproxy m|^The solproxy is used by [\d.]+\n\rThe client is closed!\n\r| p/Dell Serial Over LAN proxy/ match subethaedit m|^RPY \d \d \. \d \d+\r\nContent-Type: application/beep\+xml\r\n\r\n<greeting><profile uri=\"http://www\.codingmonkeys\.de/BEEP/SubEthaEditHandshake\"| p/SubEthaEdit collaborative text editor/ o/Mac OS X/ @@ -3464,6 +3505,7 @@ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: NI Service Locator/([\d.]+) \(SLServer\)\r\n| p/National Instruments LabVIEW service locator httpd/ v/$1/ match http m|^HTTP/1\.1 406 Not Acceptable\r\nServer: Phex ([\d.]+)\r\n\r\n| p/Phex HTML-Shared File Export httpd/ v/$1/ match http m|^HTTP/1\.0 200 NoPhrase\r\n.*\r\n<HTML>\r\n<HEAD>\r\n<TITLE>\[JMX RI/([\d.]+)\] Agent View</TITLE>|s p/Sun Java Management Extensions Reference Installation httpd/ v/$1/ +match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nETag: \"[\w_]+\"\r\nAccept-Ranges: bytes\r\nContent-Length: 79\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html>\n<script language=javascript>\n\ntop\.location=\"/login\";\n\n</script>\n</html>\n| p|Fortinet VPN/firewall http config| d/firewall/ # Maybe too generic?
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
-- Joshua D. Abraham Northeastern University College of Computer and Information Science www.ccs.neu.edu/home/jabra _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- SSH Survey Results doug (Jun 15)
- Re: SSH Survey Results Joshua D. Abraham (Jun 15)
- Re: SSH Survey Results Fyodor (Jun 23)