Nmap Development mailing list archives
Re: Fwd: hadoop and hbase information gathering
From: David Fifield <david () bamsoftware com>
Date: Fri, 13 Jan 2012 17:05:53 -0800
On Wed, Nov 09, 2011 at 06:16:48PM -0800, David Fifield wrote:
On Wed, Nov 09, 2011 at 08:32:08PM +0100, John Bond wrote:On 1 November 2011 04:52, David Fifield <david () bamsoftware com> wrote:> On Sun, Oct 30, 2011 at 10:46:33AM +0100, John Bond wrote:>> On 14 October 2011 00:14, John Bond <john.r.bond () gmail com> wrote:>> Okay. I can see the reason for this. All these different scripts run> against different ports, but they are all HTTP. Patrick found that his> university's Hadoop ran on different ports than the default.>> Using shortport.http should take these scripts out of default, I think,> because they will only get a response from a minority of web servers. I> might even modify the rule to be "got a service match for HTTP, but it> is *not* running on a common HTTP port." Then it could be default again.Ok i think i get what you mean i have updated the port rule to us the following portrule = function(host, port) local force = stdnse.get_script_args('hadoop-info.force') if not force then return shortport.http and port.number ~= 80 and port.number ~= 443 else return true end endThis is pretty close. (But you need shortport.http(host, port), not just shortport.http, which is always true because it is a function value.) What shortport.http is doing is (service match OR port match) What we want is (service match AND NOT port match) So what you've written is essentially (service match OR port match) AND NOT port match = (service match AND NOT port match) OR (port match AND NOT port match) = (service match AND NOT port match) But I think it should include all the port numbers that shortport.http knows about. In don't want the list of ports copied into every hadoop script. Instead can you edit shortport.lua to have public LIKELY_HTTP_SERVICES and LIKELY_HTTP_PORTS, and then rewrite the portrules to use those?
John sent me a patch doing this, and then I committed something similar. Now these scripts should run for anything that appears to be HTTP, except for those ports that are usually used for some other kind of HTTP. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Fwd: hadoop and hbase information gathering David Fifield (Jan 13)
- Re: Fwd: hadoop and hbase information gathering John Bond (Jan 13)
- Re: Fwd: hadoop and hbase information gathering David Fifield (Jan 13)
- Re: Fwd: hadoop and hbase information gathering John Bond (Jan 13)
- Re: Fwd: hadoop and hbase information gathering John Bond (Jan 13)
- Re: Fwd: hadoop and hbase information gathering David Fifield (Jan 13)
- Re: Fwd: hadoop and hbase information gathering John Bond (Jan 13)