Nmap Development mailing list archives

"version" scripts running after successful version detection


From: David Fifield <david () bamsoftware com>
Date: Mon, 16 Jul 2012 17:58:43 -0700

I notice that the script http-huawei-hg5xx-vuln is running for every -sV
scan that finds an HTTP port. It's adding things to HTTP logs that look
like this:

127.0.0.1 - - [16/Jul/2012:17:52:18 -0700] "GET /nmaplowercheck1342486338 HTTP/1.1" 404 0 "" "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"
127.0.0.1 - - [16/Jul/2012:17:52:18 -0700] "GET /Listadeparametros.html HTTP/1.1" 404 0 "" "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"

The script is running because it belongs to the "version" category. This
is happening even when normal version scan finds a match. I had thought
that NSE would not run "version" scripts for services that already have
a match, but that appears not to be the case. The sample script at
http://nmap.org/book/nse-vscan.html#nse-skypev2-script does this check
in the portrule; are all scripts supposed to check in this way?

In any event, it seems we shouldn't be running this script as often as
it is being run.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
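
The log entries quoted in the message above can be picked out of a web server's access log by two indicators: the User-Agent string and the `/nmaplowercheck<digits>` path. The following is an added example, not part of the original message or of Nmap; the function name, the sample lines, the documentation-range IP addresses and the `ExampleAgent/1.0` string are constructed, and the log is assumed to be in combined format.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
NSE_UA = "Nmap Scripting Engine"                  # User-Agent text seen in the quoted log lines
LOWERCHECK = re.compile(r"^/nmaplowercheck\d+$")  # path seen in the quoted log lines

def nse_requests(lines):
    """Return {client_ip: [(path, reasons), ...]} for requests that look like NSE."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format: skip rather than guess
        reasons = []
        if NSE_UA in m["ua"]:
            reasons.append("user-agent")
        # The path indicator still fires when the User-Agent has been changed.
        if LOWERCHECK.match(m["path"].split("?", 1)[0]):
            reasons.append("lowercheck-path")
        if reasons:
            hits[m["ip"]].append((m["path"], reasons))
    return dict(hits)

# Constructed sample lines, modeled on the entries quoted in the message.
_NSE = '"Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"'
_TS = "[16/Jul/2012:17:52:18 -0700]"
SAMPLE = [
    f'192.0.2.10 - - {_TS} "GET /nmaplowercheck1342486338 HTTP/1.1" 404 0 "" {_NSE}',
    f'192.0.2.10 - - {_TS} "GET /Listadeparametros.html HTTP/1.1" 404 0 "" {_NSE}',
    f'198.51.100.7 - - {_TS} "GET /nmaplowercheck1342486400 HTTP/1.1" 404 0 "-" "ExampleAgent/1.0"',
    f'203.0.113.5 - - {_TS} "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for ip, reqs in nse_requests(SAMPLE).items():
        for path, reasons in reqs:
            print(f"{ip}\t{path}\t{'+'.join(reasons)}")
```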

