Re: Simple NSE script for Docker API fingerprinting

[Claudio Criscione <claudio.criscione () gmail com>]

Ah, of course this is way better coded as a Probe. My bad - when all you
have is an hammer...
Is this still the right way to contribute?
http://nmap.org/book/vscan-community.html says so but I got no answer to my
previous mail.

##############################NEXT PROBE##############################
# Queries Docker APIs for the /version url containing version information.
#
Probe TCP docker q|GET /version HTTP/1.1\r\n\r\n|
rarity 7
ports 2375
sslports 2376

match docker
m|.*{"ApiVersion":"(.*)","Arch".*"GitCommit":"(.*)","GoVersion".*"Os":"(.*)","Version":"(.*)"}.*|
p/Docker remote API/ v/$1/ o/$3/ i/GitCommit:$2 DockerVersion:$4/

Cheers

Il giorno Sun Aug 10 2014 at 5:46:13 PM Claudio Criscione <
claudio.criscione () gmail com> ha scritto:

> Hi,
>  I wrote a simple NSE script to fingerprint the Docker HTTP rest server
> and thought this could be useful as Docker picks up adoption.
> The Docker server has a weird behavior (returns 302 $HOST when you try to
> GET $HOST), so without this script it's reported to be an open proxy.
>
> It's my first go at NSEs, so I'm happy to fix anything.
>
> Cheers
>
> Claudio
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/