Nmap Development mailing list archives

Re: New submissions to nmap-service-probes part 0


From: doug () hcsw org
Date: Wed, 4 Feb 2009 01:11:12 +0000

On Wed, Feb 04, 2009 at 12:52:24AM +0000 or thereabouts, Brandon Enright wrote:
> Impressive.  I really look forward to the results of this
> integration.  I know you have a lot more streamlined process than me
> for integrating fingerprints but I can do one about every 5 minutes
> which comes out to about 6 days of work at the rate I do them...

Heh 6 days might be a bit aggressive.. I dunno we'll see. :)
Maybe 10-20% of the FPs take only a few seconds because
they already match correctly (ie the scanner wasn't using the latest
nmap-service-probes or there was some other factor) but some
take a lot of google research, sometimes even downloading an
app's source and grepping through it. I'm not sure what it works
out to in aggregate, honestly.

My process is actually pretty simple. I think the most important
aspect is just knowing your way around the probes file. For example,
when I want to add a new telnet match line I just search for telnet-proxy
because I know that will take me right to the bottom of the block of
telnet match lines in the NULL probe. Same goes for a few other services
but always make sure you're in the right probe when you add a new match
line. With nvi I just type "?^Probe" to find out what probe I'm in then usually
I hit "u" to undo the last change and take me back where I was and then
"u" again to undo the undo. ;)

And of course "dd" to cut a match line and "p" to paste it.

> I have a pretty sizable set of fingerprints from my scans I need to
> integrate too.  I'm hoping to be able to make progress on that starting
> next week.

Great! Maybe ping the list before you start your integration so
we can avoid any conflicts.

> I hope you'll keep notes on the entertaining and interesting
> submissions like you have in the past.

Definitely.

Best,

Doug

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
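
An added example, not part of the original message or of Nmap's own tooling: a scripted version of the two editor moves described above, namely finding which Probe a line belongs to (the "?^Probe" search) and locating the bottom of a service's block of match lines inside a given probe. The sample probes text, the function names, and the rule that a service's block includes its "-suffix" variants such as telnet-proxy are assumptions made for illustration.

```python
import re

# Constructed excerpt in nmap-service-probes syntax (not real fingerprints).
SAMPLE = """\
# constructed excerpt
Probe TCP NULL q||
match ftp m|^220 ExampleFTP ready| p/ExampleFTP/
match telnet m|^ExampleOS login: | p/Example telnetd/
match telnet m|^Welcome to ExampleBox| p/ExampleBox telnetd/
match telnet-proxy m|^ExampleProxy telnet gateway| p/ExampleProxy/
match vnc m|^RFB 003| p/Example VNC/
Probe TCP GetRequest q|GET / HTTP/1.0\\r\\n\\r\\n|
match http m|^HTTP/1\\.0 200 OK\\r\\nServer: Example| p/Example httpd/
match telnet m|^ExampleOS login via web port| p/Example telnetd/
"""

PROBE_RE = re.compile(r"^Probe\s+(TCP|UDP)\s+(\S+)\s")
MATCH_RE = re.compile(r"^(?:soft)?match\s+(\S+)\s")

def enclosing_probe(lines, lineno):
    """Walk back from 1-based lineno to the nearest Probe line, like '?^Probe'."""
    for i in range(lineno - 1, -1, -1):
        m = PROBE_RE.match(lines[i])
        if m:
            return m.group(2), i + 1
    return None, None  # line sits above the first Probe directive

def insertion_line(lines, probe, service):
    """1-based number of the last match line for `service` (or `service-*`)
    inside `probe`; a new match line for that service goes near here."""
    current, last = None, None
    for n, line in enumerate(lines, 1):
        m = PROBE_RE.match(line)
        if m:
            current = m.group(2)
            continue
        m = MATCH_RE.match(line)
        if m and current == probe:
            name = m.group(1)
            if name == service or name.startswith(service + "-"):
                last = n
    return last

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    print("line 5 is in probe:", enclosing_probe(lines, 5))
    print("end of telnet block in NULL probe:", insertion_line(lines, "NULL", "telnet"))
```
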
