Nmap Development mailing list archives

Re: [NSE] new scripts and libraries: service probes


From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 19 Aug 2010 23:38:53 +0200


On 18 aug 2010, at 17.34, David Fifield wrote:

On Sat, Aug 14, 2010 at 02:44:01PM +0200, Patrik Karlsson wrote:

On 12 aug 2010, at 03.13, David Fifield wrote:

I only have the latest submitted fingerprints up to August 5, so if you
submitted them later, just let me know.

Here are the specific questions I have.

match dominoconsole m|^([^:]*):([^:]*):[^:]+:.*$| p/Lotus Domino Console/ o/$2/ i/Server name: $1/

What is the format of the $2 field? If it's not the same as in our other
matches ("windows" lowercase, for example), then it's better to have
multiple match lines to put it in the correct format. Is the $1 field
the host name? If so, put it in h/$1/.

This is what a match looks like
PORT     STATE SERVICE           VERSION
2050/tcp open  ssl/dominoconsole Lotus Domino Console (Server name: server1/labb1)
Service Info: OS: Windows/2003 5.2 Intel Pentium

So the format isn't correct. The server name is prefixed with the
Domino domain, so I guess we would need to strip that off first.
Maybe the domain could be kept as extra information? Let me know what
you think.

I think we can easily strip off the domain and show it separately. The
OS string looks fine to leave as is. The fingerprint you sent me had
interesting information in the third field, it was "labb1 testing
server". I'm guessing that's a description string. Here's my modified
match line; please commit it if it works.

match dominoconsole m|^([^/]*)/([^:]*):([^:]*):([^:]*):([^:]*):| p/Lotus Domino Console/ o/$3/ h/$2/ i/domain: $1; description: "$4"/

I think there's a ([^:]*): too much at the end, I removed it and it worked great. It's committed as r19894.


David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
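
Added example, not part of the original thread and not Nmap's own code: a small Python parser for the `match` directive that applies the three match lines discussed above to one banner and fills in the `p/ o/ h/ i/` templates. The banner is constructed from the values quoted in the thread, `TRIMMED` is an assumed reading of Patrik's fix (not the text of r19894), and Python's `re` stands in for the PCRE engine Nmap uses.

```python
import re

# Match lines quoted in this thread. TRIMMED is an assumption: David's proposed
# line with the final "([^:]*):" removed, as Patrik describes. It is not copied
# from r19894.
ORIGINAL = r'match dominoconsole m|^([^:]*):([^:]*):[^:]+:.*$| p/Lotus Domino Console/ o/$2/ i/Server name: $1/'
PROPOSED = r'match dominoconsole m|^([^/]*)/([^:]*):([^:]*):([^:]*):([^:]*):| p/Lotus Domino Console/ o/$3/ h/$2/ i/domain: $1; description: "$4"/'
TRIMMED = r'match dominoconsole m|^([^/]*)/([^:]*):([^:]*):([^:]*):| p/Lotus Domino Console/ o/$3/ h/$2/ i/domain: $1; description: "$4"/'

# Constructed banner assembled from the values shown in the thread; a real
# Domino console response may carry further fields.
BANNER = "server1/labb1:Windows/2003 5.2 Intel Pentium:labb1 testing server:"

# One version-info field: a letter, a delimiter, the template, the same delimiter.
FIELD = re.compile(r'(?:^|\s)([pvihod])([^\w\s])(.*?)\2')

def parse_match_line(line):
    """Split a 'match' directive into (service, compiled regex, templates)."""
    keyword, service, rest = line.split(None, 2)
    if keyword != "match" or not rest.startswith("m") or len(rest) < 3:
        raise ValueError("not a match directive")
    delim = rest[1]
    end = rest.index(delim, 2)  # closing delimiter of m<delim>...<delim>
    opts, tail = re.match(r'([is]*)(.*)', rest[end + 1:], re.S).groups()
    flags = (re.I if "i" in opts else 0) | (re.S if "s" in opts else 0)
    templates = {m.group(1): m.group(3) for m in FIELD.finditer(tail)}
    return service, re.compile(rest[2:end], flags), templates

def apply_match(line, banner):
    """Return the filled-in version fields, or None if the regex does not match."""
    service, regex, templates = parse_match_line(line)
    hit = regex.search(banner)
    if hit is None:
        return None
    def fill(template):
        # Replace $1..$9 with the corresponding capture group.
        return re.sub(r'\$(\d)', lambda g: hit.group(int(g.group(1))) or "", template)
    return {"service": service, **{k: fill(v) for k, v in templates.items()}}

if __name__ == "__main__":
    for name, line in (("original", ORIGINAL), ("proposed", PROPOSED), ("trimmed", TRIMMED)):
        print(name, "->", apply_match(line, BANNER))
```

On this banner the proposed line returns no match because it expects one more colon-terminated field than the banner has, while the trimmed line splits domain, host, OS and description into separate fields.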




