Nmap Development mailing list archives
Re: quake-server-info.nse
From: Ulrik Haugen <qha () lysator liu se>
Date: Fri, 07 Mar 2014 00:45:48 +0100
Daniel Miller <bonsaiviking () gmail com> wrote:
On 03/05/2014 02:50 PM, Ulrik Haugen wrote: I have played around a bit with the script, and it's very nice. Your use of error() and pcall() is different than anything I've seen in NSE before, but I can see how it works well. I do have a couple questions, though:
I would like to add a nmap-service-probes fingerprint for quake1 servers, like so:
# Quake1 server info Probe UDP Quake1_server_info q|\x80\x00\x00\x0c\x02\x51\x55\x41\x4b\x45\x00\x03| rarity 9 ports 26000-26019 match quake m|^\x80\x00..\x83([^\x00]*)\x00([^\x00]*)\x00| p/Quake 1 server/ i/address: $1, name: $2/
So my first question is, how confident are you in the upper bound of 26019 for Quake servers? Is this really used that often? Or should this be limited to 26000-26004 like the Quake 3 probe?
26000 through 26004 is probably fine, looking at http://quakeone.com/servers/ and http://www.quakeservers.net/quake/servers/ it seems the vast majority of servers is on 26000 and then it drops of rather quickly... I've changed the portrule too. On this subject though, is there a way to run a script on another set of ports except changing its portrule?
Second, when you set the version information with nmap.set_port_version, could you be a little more concise? The port.version.name field should be one word all lowercase, "quake". The port.version.product field should be something more like "Quake 1 server". The port.version.version field could probably be reduced by not reporting the exact byte value ("0x03: ") and shortening the description to something like "released".
Regarding the output, I don't have a problem with how you've done it, though I would have done it differently myself. My only suggestion would be to remove the unnecessary "Target is running a Quake game server" heading, but keep the initial 2-space indent. The fact that the script gave output is proof that it is a Quake server, in addition to the mention in the SERVICE and VERSION fields.
Sure, i've pruned these strings. Updated version attached. Best regards /Ulrik Haugen
Attachment:
quake-server-info.nse
Description: Updated script
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- quake-server-info.nse Ulrik Haugen (Feb 28)
- Re: quake-server-info.nse Sriharsha Karamchati (Feb 28)
- Re: quake-server-info.nse Daniel Miller (Feb 28)
- Re: quake-server-info.nse Daniel Miller (Feb 28)
- Re: quake-server-info.nse Ulrik Haugen (Mar 05)
- Re: quake-server-info.nse Daniel Miller (Mar 06)
- Re: quake-server-info.nse Ulrik Haugen (Mar 07)
- Re: quake-server-info.nse Daniel Miller (Mar 07)
- Re: quake-server-info.nse Ulrik Haugen (Mar 08)
- Re: quake-server-info.nse Ulrik Haugen (Mar 05)
- Re: quake-server-info.nse Sriharsha Karamchati (Feb 28)