Nmap Development mailing list archives
Re: New submissions to nmap-service-probes part 0
From: doug () hcsw org
Date: Wed, 4 Feb 2009 01:11:12 +0000
On Wed, Feb 04, 2009 at 12:52:24AM +0000 or thereabouts, Brandon Enright wrote:
Impressive. I really look forward to the results of this integration. I know you have a lot more streamlined process than me for integrating fingerprints but I can do one about every 5 minutes which comes out to about 6 days of work and the rate I do them...
Heh 6 days might be a bit aggressive.. I dunno we'll see. :) Maybe 10-20% of the FPs take only a few seconds because they already match correctly (ie the scanner wasn't using the latest nmap-service-probes or there was some other factor) but some take a lot of google research, sometimes even downloading an app's source and grepping through it. I'm not sure what it works out to in aggregate, honestly. My process is actually pretty simple. I think the most important aspect is just knowing your way around the probes file. For example, when I want to add a new telnet match line I just search for telnet-proxy because I know that will take me right to the bottom of the block of telnet match lines in the NULL probe. Same goes for a few other services but always make sure you're in the right probe when you add a new match line. With nvi I just type "?^Probe" to find out what probe I'm in then usually I hit "u" to undo the last change and take me back where I was and then "u" again to undo the undo. ;) And of course "dd" to cut a match line and "p" to paste it.
I have a pretty sizable set of fingerprints from my scans I need to integrate too. I'm hoping to be able to make progress on that starting next week.
Great! Maybe ping the list before you start your integration so we can avoid any conflicts.
I hope you'll keep notes on the entertaining and interesting submissions like you have in the past.
Definitely. Best, Doug
Attachment:
_bin
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- New submissions to nmap-service-probes part 0 doug (Feb 03)
- Re: New submissions to nmap-service-probes part 0 Brandon Enright (Feb 03)
- Re: New submissions to nmap-service-probes part 0 doug (Feb 03)
- Re: New submissions to nmap-service-probes part 0 Brandon Enright (Feb 03)