Nmap Development mailing list archives

Re: [PATCH] Allow NSE script to set service info without -sV


From: David Fifield <david () bamsoftware com>
Date: Mon, 21 Dec 2009 12:27:26 -0700

On Sat, Dec 19, 2009 at 11:27:45AM -0600, Tom Sellers wrote:
> I have attached a patch that changes nmap behavior so that NSE scripts can
> modify a service's product, version, extrainfo, ostype and devicetype
> even if nmap was called without version detection (-sV).
>
> As far as I can tell nmap will not let you set these values unless version
> detection is requested.  I often want to run very targeted scans against
> a service using a script, output that data to XML and then use ruby code
> to parse and report on the findings.  If this change is implemented I can
> cut down on the network overhead and potential impact on my targets.
>
> In nse_nmaplib.cc, starting at line 551, the code logic says that if a service
> scan is requested, set all the service values (product, version, etc.); if
> not, just set the probe state, name and tunnel values.
>
> The change I made basically detects if any of the normally unset values
> have been populated and, if so, sets the o.servicescan value to true.  I had
> tried just writing the values out without touching the o.servicescan variable
> but this tripped an assert in NmapOutputTable.cc because there were not
> enough columns allocated in the service table output.
>
> Ultimately the change I settled on consists of adding the following two
> lines to nse_nmaplib.cc:
>
>   if ( product || version || extrainfo || hostname || ostype || devicetype )
>     o.servicescan = true;

I'd like you to try solving this a different way. In the printportoutput
function in output.cc, it allocates an extra column in the output table
if o.servicescan is true. You could change this to do a quick pass over
the port table (encapsulated in a function) to check if any ports have
version results. That function would also always return true if
o.servicescan is set. With the new Port structure after the recent
memory reduction work, all you have to do is check that Port::service is
non-NULL.

I don't think there's a good reason for l_set_port_version to refuse to
store all the service information if o.servicescan is not set. You
should take that out if it doesn't cause problems.

The reason I don't like changing o.servicescan is that it might have
side effects. In fact, won't that cause a real service scan to be run
for following host groups?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
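The table-width check David sketches above, as an added example in C++ that is not nmap's code: it mocks Port, NmapOps, serviceDeductions and the l_set_port_version path with only the fields this decision needs (the real structures carry many more members), and assumes a PORT STATE SERVICE [VERSION] column layout for the mock printportoutput. The port table and version strings are constructed for the example.

```cpp
// Added example (not nmap's code): mock of the table-width check David
// suggests for printportoutput, using only the fields this decision needs.
// Real nmap's Port, NmapOps and serviceDeductions carry many more members.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Stand-in for nmap's struct serviceDeductions (assumed field names).
struct ServiceDeductions {
    std::string product;
    std::string version;
    std::string extrainfo;
};

// Stand-in for Port after the memory-reduction work: version information
// sits behind a pointer that stays NULL until -sV or an NSE script fills it.
struct Port {
    unsigned short portno;
    ServiceDeductions *service;
};

// Stand-in for NmapOps, reduced to the flag under discussion.
struct NmapOps {
    bool servicescan;
};

NmapOps opts(bool servicescan) {
    NmapOps o;
    o.servicescan = servicescan;
    return o;
}

// Mock of the l_set_port_version path with the o.servicescan gate removed:
// the deductions are stored whether or not -sV was requested.
void set_port_version(Port &p, const std::string &product, const std::string &version) {
    if (p.service == NULL) p.service = new ServiceDeductions();
    p.service->product = product;
    p.service->version = version;
}

// The helper David proposes: a quick pass over the port table that is true
// when a version scan was requested or any port already has version results.
bool ports_have_version_info(const NmapOps &o, const std::vector<Port> &ports) {
    if (o.servicescan) return true;
    for (std::vector<Port>::const_iterator it = ports.begin(); it != ports.end(); ++it)
        if (it->service != NULL) return true;
    return false;
}

// Mock of printportoutput's column choice: the VERSION column is allocated
// from the helper's answer, not from a global the script had to flip.
// (PORT STATE SERVICE [VERSION] is this mock's assumed layout.)
int service_table_columns(const NmapOps &o, const std::vector<Port> &ports) {
    int columns = 3;  // PORT, STATE, SERVICE
    if (ports_have_version_info(o, ports)) columns++;  // VERSION
    return columns;
}

// Mock of the scan engine consulting the same flag for each host group;
// this is the side effect of flipping o.servicescan that David points at.
bool would_run_version_scan(const NmapOps &o) {
    return o.servicescan;
}

// Constructed sample port table: two open ports, no version info yet.
std::vector<Port> sample_ports() {
    std::vector<Port> ports;
    Port ssh = {22, NULL};
    Port http = {80, NULL};
    ports.push_back(ssh);
    ports.push_back(http);
    return ports;
}

void free_ports(std::vector<Port> &ports) {
    for (size_t i = 0; i < ports.size(); i++) delete ports[i].service;
}

// The thread's scenario: nmap run without -sV, then a script sets version
// info on one port. Returns the column count the table would get.
int columns_after_script_without_sv() {
    NmapOps o = opts(false);
    std::vector<Port> ports = sample_ports();
    set_port_version(ports[1], "Apache httpd", "2.2.14");  // constructed values
    int cols = service_table_columns(o, ports);
    free_ports(ports);
    return cols;
}

int main() {
    std::vector<Port> plain = sample_ports();
    std::printf("no -sV, no script: %d columns\n", service_table_columns(opts(false), plain));
    std::printf("no -sV, script set version: %d columns\n", columns_after_script_without_sv());
    std::printf("-sV, empty table: %d columns\n", service_table_columns(opts(true), plain));
    free_ports(plain);
    return 0;
}
```

The point of the shape: the column count is derived from the data that is about to be printed, so nothing mutates o.servicescan, and a later host group still sees the flag the user actually passed.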