Re: VMware-fingerprint nse

[Mark Baseggio <info () baseggio ca>]

Thanks David,

with nmap 6.25 don't get the version back when running "nmap -sV
--version-all -p44 <ip>" I get back:

Nmap scan report for 10.0.2.209
Host is up (0.00026s latency).
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http VMware ESXi Server httpd

I'm happy to add this as a service probe -- I just have to go figure out
how to do that now.




On Thu, Jun 20, 2013 at 1:06 AM, David Fifield <david () bamsoftware com>wrote:

> On Thu, May 30, 2013 at 05:14:29PM -0400, Mark Baseggio wrote:
> > I've created a nse that fingerprints vmware ESX/ESXi servers. This is my
> > first foray into both Lua and nmap scripting, so please excuse any noob
> > mistakes I might have made with this--I tried to follow the examples and
> > tutorials as closely as possible. I would like to submit it for inclusion
> > in nmap so others can benefit from it as well.
>
> Thanks for this contribution.
>
> It looks like this script would be better written as a version
> probe--all it does is send one stereotyped request and then do pattern
> matching on the reply. See http://nmap.org/book/vscan.html.
>
> In fact, it looks like we already have a service probe that makes a
> request similar to the one your script makes. However I wouldn't be
> surprised if it is broken, because it is missing an "HTTP POST" and
> doesn't have any matchlines.
>
> Probe TCP vmware-esx q|<soap:Envelope xmlns:xsd="
> http://www.w3.org/2001/XMLSchema"; ...
>
> Do you get anything useful from a "nmap -sV --version-all" against a
> port running this service? What if you modify the existing vmware-esx
> probe in nmap-service-probes?
>
> David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/