Nmap Development mailing list archives

Re: [NSE] new scripts and libraries: service probes


From: David Fifield <david () bamsoftware com>
Date: Wed, 18 Aug 2010 09:34:01 -0600

On Sat, Aug 14, 2010 at 02:44:01PM +0200, Patrik Karlsson wrote:

On 12 aug 2010, at 03.13, David Fifield wrote:

I only have the latest submitted fingerprints up to August 5, so if you
submitted them later, just let me know.

Here are the specific questions I have.

match dominoconsole m|^([^:]*):([^:]*):[^:]+:.*$| p/Lotus Domino Console/ o/$2/ i/Server name: $1/

What is the format of the $2 field? If it's not the same as in our other
matches ("windows" lowercase, for example), then it's better to have
multiple match lines to put it in the correct format. Is the $1 field
the host name? If so, put it in h/$1/.

This is what a match looks like
PORT     STATE SERVICE           VERSION
2050/tcp open  ssl/dominoconsole Lotus Domino Console (Server name: server1/labb1)
Service Info: OS: Windows/2003 5.2 Intel Pentium

So the format isn't correct. The server name is prefixed with the
Domino domain, so I guess we would need to strip that off first.
Maybe the domain could be kept as extra information? Let me know what
you think.

I think we can easily strip off the domain and show it separately. The
OS string looks fine to leave as is. The fingerprint you sent me had
interesting information in the third field, it was "labb1 testing
server". I'm guessing that's a description string. Here's my modified
match line; please commit it if it works.

match dominoconsole m|^([^/]*)/([^:]*):([^:]*):([^:]*):([^:]*):| p/Lotus Domino Console/ o/$3/ h/$2/ i/domain: $1; description: "$4"/

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
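
Added example, not part of the original message or of Nmap's own code: a small Python harness that parses the two match lines from this thread and shows which capture group ends up in which version-info field. The banner is constructed from the values quoted in the thread, with placeholder trailing fields. The helper names `parse_match_line` and `apply_match` are hypothetical, and only the p/v/i/h/o/d fields and the i/s pattern flags are handled.

```python
import re

# Version-info field letters from the nmap-service-probes match syntax.
FIELDS = {"p": "product", "v": "version", "i": "info",
          "h": "hostname", "o": "ostype", "d": "devicetype"}

def parse_match_line(line):
    """Parse 'match <service> m<delim><regex><delim>[is] <fields...>'."""
    directive, service, rest = line.split(None, 2)
    if directive != "match" or not rest.startswith("m"):
        raise ValueError("not a match line")
    delim = rest[1]
    end = rest.index(delim, 2)
    regex, rest = rest[2:end], rest[end + 1:]
    flags = 0
    while rest[:1] in ("i", "s"):          # optional pattern flags
        flags |= re.I if rest[0] == "i" else re.S
        rest = rest[1:]
    templates = {}
    rest = rest.strip()
    while rest:
        key, d = rest[0], rest[1]          # field letter and its delimiter
        if key not in FIELDS:
            raise ValueError("unsupported field: " + rest)
        close = rest.index(d, 2)
        templates[FIELDS[key]] = rest[2:close]
        rest = rest[close + 1:].lstrip()
    return service, re.compile(regex, flags), templates

def apply_match(line, banner):
    """Return (service, filled fields) or None if the banner does not match."""
    service, rx, templates = parse_match_line(line)
    m = rx.search(banner)
    if m is None:
        return None
    fill = lambda t: re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", t)
    return service, {name: fill(t) for name, t in templates.items()}

OLD = r'match dominoconsole m|^([^:]*):([^:]*):[^:]+:.*$| p/Lotus Domino Console/ o/$2/ i/Server name: $1/'
NEW = r'match dominoconsole m|^([^/]*)/([^:]*):([^:]*):([^:]*):([^:]*):| p/Lotus Domino Console/ o/$3/ h/$2/ i/domain: $1; description: "$4"/'
# Constructed banner: first three fields use values from the thread, the rest are placeholders.
BANNER = "server1/labb1:Windows/2003 5.2 Intel Pentium:labb1 testing server:placeholder4:placeholder5"

if __name__ == "__main__":
    for line in (OLD, NEW):
        print(apply_match(line, BANNER))
```

Running it prints the filled fields for each match line, so the h/ and i/ assignments can be compared against the "Server name: server1/labb1" output quoted above.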

