Nmap Development mailing list archives
Re: Conditional Matches in nmap-service-probes
From: Lionel Cons <lionel.cons () cern ch>
Date: Fri, 7 Dec 2007 11:27:35 +0100
Fyodor writes:
Maybe it should work that way, but right now (as you can see) it aborts if you try to include a replace with a non-existant string. Treating that as an empty string might help some signatures, but also removes this chance to catch errors. So I don't know which way is best.
Well, one can always use "(([A-Z]+ )?)" as a workaround. $1 will be the empty string in case $2 does not match. However, I didn't like complicating the regexp before asking. So one could argue that the current behaviour is better as it may catch errors while still being usable via the workaround above.
On another note, I'd try to avoid using replacements in p// anyway. For example, that makes it impossible to tell from the signatures what different programs are recognized.
This makes perfect sense but should IMHO be documented, probably in http://insecure.org/nmap/vscan/vscan-fileformat.html (Table 1) or http://insecure.org/nmap/vscan/vscan-community.html. Cheers, Lionel _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Conditional Matches in nmap-service-probes Lionel Cons (Dec 06)
- Re: Conditional Matches in nmap-service-probes Fyodor (Dec 06)
- Re: Conditional Matches in nmap-service-probes Lionel Cons (Dec 07)
- Re: Conditional Matches in nmap-service-probes Fyodor (Dec 06)