shortport.http

[David Fifield <david () bamsoftware com>]

On Mon, Aug 09, 2010 at 02:39:52PM -0700, Fyodor wrote:
> On Sun, Aug 08, 2010 at 09:11:31PM -0600, David Fifield wrote:
> > > I think we should have a shortport function for detecting http
> > > services in any case.  And if we do that anyway, it would be easy to
> > > add the services which we know use http.  If desired, we could note
> > > that the services are http-based in nmap-services and/or the extrainfo
> > > field of nmap-service-probes.
> >
> > Agreed. Some options for the interface are
> >
> > portrule = shortport.http
> > portrule = shortport.special("http")
> > portrule = http.portrule
>
> I don't have a strong opinion, but I think I like shortport.http best.
> http.portrule is problematic because we might want to extend this
> approach to other services, and we may not have specific libraries for
> them.  So we'd either lose consistency or have to create a library
> just for the servicename.portrule.  Shortport.special is OK and might
> be preferable if we were going to have 50+ of these functions.  But I
> don't forsee very many, and it would be kind of nice to have them
> individually documented in nsedoc, so I like shortport.http a bit
> better.

I just committed this function and made the HTTP scripts use it:

---
-- A portrule that matches likely HTTP services.
--
-- @name http
-- @class function
-- @param host The host table to match against.
-- @param port The port table to match against.
-- @return <code>true</code> if the port is likely to be HTTP,
-- <code>false</code> otherwise.
-- @usage
-- portrule = shortport.http
http = shortport.port_or_service({80, 443, 631, 3872, 8080},
        {"http", "https", "ipp", "http-alt", "oem-agent"})

Suggestions for adding to the port or service lists are welcome.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/