Nmap Development mailing list archives
Re: Any guide for Adding match rules into nmap-service-probes?
From: Jacek Wielemborek <d33tah () gmail com>
Date: Sat, 06 Jun 2015 17:56:43 +0200
On 06.06.2015 at 17:14, ryan chou wrote:
Hi Daniel Miller,
Hello, you sent the message to the Nmap developers list, so I'd assume that you would accept an answer from any other developer as well. Please find the answer below.
May I ask you some questions on the process of adding match rules into nmap-service-probes? Is there any guide or standard for it? I only found the vs-fileformat instructions in the official Nmap guide. No chapters were about the process of writing regexes for rules and adding them into nmap-service-probes. Could you introduce it for us with some samples, including the part on how to test it for improving the rules' coverage and reducing the rate of false positives? And could it be a standard or guide for more developers to participate in it to help improve Nmap?
Generally, the best way to contribute is to report a fingerprint Nmap generates to https://nmap.org/submit/ . A sample fingerprint might look like this:

nmap localhost -p 31337 -sV

Starting Nmap 6.47SVN ( http://nmap.org ) at 2015-06-06 17:54 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000045s latency).
Other addresses for localhost (not scanned): ::1
PORT      STATE SERVICE VERSION
31337/tcp open  Elite?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port31337-TCP:V=6.47SVN%I=7%D=6/6%Time=557317B1%P=x86_64-unknown-linux-
SF:gnu%r(NULL,2,"b\n");

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.20 seconds

The part you should submit is the following:

SF-Port31337-TCP:V=6.47SVN%I=7%D=6/6%Time=557317B1%P=x86_64-unknown-linux-
SF:gnu%r(NULL,2,"b\n");

(it might differ depending on the buffer you received)

As for the nmap-service-probes modification, you will find documentation here:

https://nmap.org/book/vscan-fileformat.html

Please let us know if there is anything else you would like to know about.

Cheers,
d33tah
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
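Added example, not part of the original message and not Nmap's own code: a small Python parser for the fingerprint quoted above. It rejoins the wrapped SF: lines, splits out the header fields and the %r(probe,length,"data") response, and goes one step beyond the message by checking a candidate regex against the decoded bytes before a match line is written. Assumptions: the function names are hypothetical, the length field is read as hexadecimal, the escape set is the one listed in `unescape`, and Python's `re` stands in for the PCRE engine Nmap uses.

```python
import re

# Fingerprint copied from the message above, wrapped as Nmap printed it.
SAMPLE = (
    'SF-Port31337-TCP:V=6.47SVN%I=7%D=6/6%Time=557317B1%P=x86_64-unknown-linux-\n'
    'SF:gnu%r(NULL,2,"b\\n");\n'
)

_SIMPLE = {"n": b"\n", "r": b"\r", "t": b"\t", "0": b"\x00"}
# %r(ProbeName,length,"escaped response"); length is assumed to be hexadecimal.
_PROBE = re.compile(r'%r\(([\w-]+),([0-9A-Fa-f]+),"((?:\\.|[^"\\])*)"\)')

def unescape(body):
    """Decode the printable form to bytes. Assumed escapes: \\n \\r \\t \\0 \\xHH \\<char>."""
    out, i = bytearray(), 0
    while i < len(body):
        nxt = body[i + 1:i + 2]
        if body[i] != "\\" or not nxt:
            out += body[i].encode("latin-1")
            i += 1
        elif nxt == "x":
            out.append(int(body[i + 2:i + 4], 16))
            i += 4
        else:
            out += _SIMPLE.get(nxt, nxt.encode("latin-1"))
            i += 2
    return bytes(out)

def parse_fingerprint(text):
    """Rejoin wrapped SF: lines, then split header fields and probe responses."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or not lines[0].startswith("SF-Port"):
        raise ValueError("first line must start with SF-Port")
    if any(not ln.startswith("SF:") for ln in lines[1:]):
        raise ValueError("continuation lines must start with SF:")
    fp = lines[0] + "".join(ln[3:] for ln in lines[1:])
    m = re.fullmatch(r"SF-Port(\d+)-(\w+):(.*)", fp.split("%r(", 1)[0])
    if not m:
        raise ValueError("malformed fingerprint header")
    fields = dict(kv.split("=", 1) for kv in m.group(3).split("%") if "=" in kv)
    probes = {name: {"declared_len": int(n, 16), "data": unescape(body)}
              for name, n, body in _PROBE.findall(fp)}
    return {"port": int(m.group(1)), "proto": m.group(2),
            "fields": fields, "probes": probes}

def probes_matching(pattern, parsed):
    """Probe names whose decoded response a candidate regex matches (Python re, not PCRE)."""
    rx = re.compile(pattern.encode("latin-1"), re.DOTALL)
    return [name for name, p in parsed["probes"].items() if rx.search(p["data"])]
```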