Nmap Development mailing list archives

Re: Quake 3 query script submission


From: Mak Kolybabi <mak () kolybabi com>
Date: Mon, 25 Jan 2010 09:02:21 -0600

On 2010-01-25 06:25, Brandon Enright wrote:
> First, you changed the generic Quake 3 match to a softmatch. Is the idea here
> that we can get fingerprints for more specific matches?

Yes. The fact that it tells you the OS and CPU as part of the version is kind of
nice, too.

> If you could do something like m|^\xff+\\gamename\\Nexuiz| the match would be
> much, much faster. What sort of content are you matching against here? If the
> best that can be added is .* then there is no point.

The response should be marker (\xff\xff\xff\xff), then type (getstatusResponse),
then newline, then a game-specific number of key-value pairs (\key1\value1 ...
\key2\value2).

Anchors are possible, and something like the following should work:

m|^\xff\xff\xff\xffgetstatusResponse\n.*\\gamename\\Nexuiz.*|

I'll add in the anchors and retest.

--
Matthew Anthony Kolybabi (Mak)
<mak () kolybabi com>

() ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org  | Against proprietary extensions

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
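
The response layout and anchored match described in the message above, as an added Python example that is not part of the original post or of Nmap's own code. The sample payloads, the `sv_maxclients` key and the function names are constructed for illustration, and the parser assumes the key-value pairs sit on the first line after the header.

```python
import re

MARKER = b"\xff\xff\xff\xff"
RESPONSE_TYPE = b"getstatusResponse"

# Anchored pattern from the message above, as a Python bytes regex.
ANCHORED = re.compile(rb"^\xff\xff\xff\xffgetstatusResponse\n.*\\gamename\\Nexuiz.*")
# Unanchored form, for comparison only (constructed here).
UNANCHORED = re.compile(rb".*\\gamename\\Nexuiz.*")


def parse_getstatus(payload: bytes) -> dict:
    """Split a getstatusResponse into its key-value pairs.

    Raises ValueError when the marker, type, newline or pairing is wrong.
    """
    header = MARKER + RESPONSE_TYPE + b"\n"
    if not payload.startswith(header):
        raise ValueError("missing marker/type/newline header")
    # Assumption: the pairs sit on the first line after the header.
    info = payload[len(header):].split(b"\n", 1)[0]
    if not info.startswith(b"\\"):
        raise ValueError("key-value section must start with a backslash")
    fields = info[1:].split(b"\\")
    if len(fields) % 2:
        raise ValueError("key without a value")
    # Remote data is untrusted: decode byte-for-byte and treat it as text only.
    text = [f.decode("latin-1") for f in fields]
    return dict(zip(text[0::2], text[1::2]))


def is_nexuiz(payload: bytes) -> bool:
    """True only when the marker and type open the datagram and gamename is Nexuiz."""
    return ANCHORED.match(payload) is not None


# Constructed sample responses (not captured traffic).
SAMPLE = MARKER + b"getstatusResponse\n\\gamename\\Nexuiz\\sv_maxclients\\8\n"
OTHER = MARKER + b"getstatusResponse\n\\gamename\\baseq3\\sv_maxclients\\16\n"
NOISE = b"junk" + SAMPLE  # same bytes, but not at the start of the datagram

if __name__ == "__main__":
    print(parse_getstatus(SAMPLE))
    print(is_nexuiz(SAMPLE), is_nexuiz(OTHER), is_nexuiz(NOISE))
    print(UNANCHORED.search(NOISE) is not None)
```

The anchored pattern rejects `NOISE` after the first byte, while the unanchored form still finds the `gamename` pair inside it.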

