Re: Conditional Matches in nmap-service-probes

[Lionel Cons <lionel.cons () cern ch>]

Fyodor writes:
> Maybe it should work that way, but right now (as you can see) it
> aborts if you try to include a replace with a non-existant string.
> Treating that as an empty string might help some signatures, but also
> removes this chance to catch errors.  So I don't know which way is
> best.

Well, one can always use "(([A-Z]+ )?)" as a workaround. $1 will be
the empty string in case $2 does not match. However, I didn't like
complicating the regexp before asking. 

So one could argue that the current behaviour is better as it may
catch errors while still being usable via the workaround above.

> On another note, I'd try to avoid using replacements in p// anyway.
> For example, that makes it impossible to tell from the signatures what
> different programs are recognized.

This makes perfect sense but should IMHO be documented, probably in
http://insecure.org/nmap/vscan/vscan-fileformat.html (Table 1) or
http://insecure.org/nmap/vscan/vscan-community.html.

Cheers,

Lionel

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org