Nmap Development mailing list archives
Re: Microsoft SQL Server fingerprint question
From: doug () hcsw org
Date: Thu, 3 Jan 2008 18:16:40 -0800
Hi Tom, On Thu, Jan 03, 2008 at 07:31:05PM -0600 or thereabouts, Tom Sellers wrote:
3. Use a match line with pattern matching to extract the version number in hex, convert it to decimal and present it. Can this be done? (I saw a mention of helper functions in the docs but could not find anything else about them. The comment toward the bottom of the match section: http://insecure.org/nmap/vscan/vscan-fileformat.html#vscan-db-match)
A funny coincidence, but just a day or two I updated the docs to better explain the helper functions. The new webpage hasn't been rendered yet but here is the XML: <para> In rare cases, a <literal>helper function</literal><indexterm><primary>version scan</primary><secondary>helper functions</secondary></indexterm> can be applied to the replacement text before insertion. The <literal>$P()</literal> helper function will filter out unprintable characters. This is useful for converting unicode UTF-16 encoded strings like <literal>W\0O\0R\0K\0G\0R\0O\0U\0P\0</literal> into the ASCII approximation <literal>WORKGROUP</literal>. It can be used in any <literal>versioninfo</literal> field by passing it the number of the match you want to make printable, like this: <literal>i/$P(3)/</literal>. </para> <para> Another helper function is <literal>$SUBST()</literal>. This is used for making substitutions in matches before they are printed. For example, if an application gives its versions like <literal>5_2_3</literal> we could use a versioninfo field <literal>v/$SUBST(1,"_",".")/</literal> to convert it to the more conventional <literal>5.2.3</literal>. </para> Thanks for these probes and suggestions! I will try to respond in more detail shortly. Best, Doug
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Microsoft SQL Server fingerprint question Tom Sellers (Jan 03)
- Re: Microsoft SQL Server fingerprint question doug (Jan 03)
- Message not available
- Re: Microsoft SQL Server fingerprint question doug (Jan 04)
- Re: Microsoft SQL Server fingerprint question Tom Sellers (Jan 04)
- Message not available
- Re: Microsoft SQL Server fingerprint question doug (Jan 03)
- Re: Microsoft SQL Server fingerprint question Fyodor (Jan 04)
- Re: Microsoft SQL Server fingerprint question doug (Jan 06)