Nmap Development mailing list archives
Re: quake-server-info.nse
From: Ulrik Haugen <qha () lysator liu se>
Date: Sat, 08 Mar 2014 00:28:00 +0100
Daniel Miller <bonsaiviking () gmail com> wrote:
On 03/06/2014 05:45 PM, Ulrik Haugen wrote:I've changed the portrule too. On this subject though, is there a way to run a script on another set of ports except changing its portrule?
There are a couple of options. First, you can force a script to run regardless of its portrule by prepending "+" to the script name in your command: nmap --script +quake1-info
Second, you can check lots of things in the portrule, not just the port version information. It's usually best to not send packets in the portrule, and to keep it relatively short, but pretty much anything else is possible. This might include more ports.
Lastly, you can run with version detection. With the new probe and match, it is possible that odd ports will show up as "quake" and be run with the current portrule. However, because the rarity is set to 9 and the ports to 26000-26004, you would need to run version detection with --version-intensity 9 (a.k.a. --version-all) to actually send the probe to ports other than 26000-26004.
Oh, i see! I thought there had to be a better reason for including the service name in the port rule than what i wrote in the comment for it.
Updated version attached.
Thanks! With a couple minor changes (2-space indent, more detailed description, rename baf to ratio),
Excellent, i was never very happy with baf but for some reason it never crossed my mind to find something better for that particular annoyance.
I committed this in r32775. I took the liberty of renaming the script to quake1-info, to match the existing quake3-info script name. You can see your credit in the CHANGELOG as well:
o [NSE] Add quake1-info script for retrieving server and player information from Quake 1 game servers. Reports potential DoS amplification factor. [Ulrik Haugen]
I'm very pleased to see this! Best regards /Ulrik Haugen _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- quake-server-info.nse Ulrik Haugen (Feb 28)
- Re: quake-server-info.nse Sriharsha Karamchati (Feb 28)
- Re: quake-server-info.nse Daniel Miller (Feb 28)
- Re: quake-server-info.nse Daniel Miller (Feb 28)
- Re: quake-server-info.nse Ulrik Haugen (Mar 05)
- Re: quake-server-info.nse Daniel Miller (Mar 06)
- Re: quake-server-info.nse Ulrik Haugen (Mar 07)
- Re: quake-server-info.nse Daniel Miller (Mar 07)
- Re: quake-server-info.nse Ulrik Haugen (Mar 08)
- Re: quake-server-info.nse Ulrik Haugen (Mar 05)
- Re: quake-server-info.nse Sriharsha Karamchati (Feb 28)