Nmap Development mailing list archives

Re: Any guide for Adding match rules into nmap-service-probes?


From: Jacek Wielemborek <d33tah () gmail com>
Date: Sat, 06 Jun 2015 17:56:43 +0200

On 06.06.2015 at 17:14, ryan chou wrote:
> Hi Daniel Miller,

Hello,

You sent the message to the Nmap developers list, so I'd assume that you
would accept an answer from any other developer as well. Please find the
answer below.

> May I ask you some questions on the process of adding match rule into
> nmap-service-probes? Are there any guide or standard for it? I only found
> the vs-fileformat instructions in nmap official Guide. No chapters were
> about the process of writing regexes of rules and adding them into
> nmap-service-probes.
>
> Could you introduce it for us with some samples included the part of how
> to test it for improving the rules' coverage and reducing the rate of false
> positive.
>
> And could it be a standard or Guide for more developers to participate in
> it to help improve the nmap?

Generally, the best way to contribute is to report a fingerprint Nmap
generates to https://nmap.org/submit/ . A sample fingerprint might look
like this:

 nmap localhost -p 31337 -sV

Starting Nmap 6.47SVN ( http://nmap.org ) at 2015-06-06 17:54 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000045s latency).
Other addresses for localhost (not scanned): ::1
PORT      STATE SERVICE VERSION
31337/tcp open  Elite?
1 service unrecognized despite returning data. If you know the
service/version, please submit the following fingerprint at
https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port31337-TCP:V=6.47SVN%I=7%D=6/6%Time=557317B1%P=x86_64-unknown-linux-
SF:gnu%r(NULL,2,"b\n");

Service detection performed. Please report any incorrect results at
https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.20 seconds

The part you should submit is the following:

SF-Port31337-TCP:V=6.47SVN%I=7%D=6/6%Time=557317B1%P=x86_64-unknown-linux-
SF:gnu%r(NULL,2,"b\n");

(it might differ depending on the buffer you received)

As for the nmap-service-probes modification, you will find documentation
here:

https://nmap.org/book/vscan-fileformat.html

Please let us know if there is anything else you would like to know about.

Cheers,
d33tah
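
Added example, not part of the original message and not Nmap project code: a small parser that rejoins the wrapped SF lines of the fingerprint quoted above, recovers the raw probe response, and tries a candidate match-rule regex against it. The escape set, the hex length field, the function names and the rule body m|^b\n$| are assumptions made for illustration.

```python
import re

# Fingerprint from the message above, exactly as Nmap wrapped it.
FINGERPRINT = r'''SF-Port31337-TCP:V=6.47SVN%I=7%D=6/6%Time=557317B1%P=x86_64-unknown-linux-
SF:gnu%r(NULL,2,"b\n");'''

# Assumed escape set for the quoted response data: \n \r \t \0 \\ \" \xHH.
_SIMPLE = {"n": b"\n", "r": b"\r", "t": b"\t", "0": b"\0", "\\": b"\\", '"': b'"'}
_ESCAPE = re.compile(r'\\(x[0-9A-Fa-f]{2}|[nrt0\\"])')
_RESPONSE = re.compile(r'%r\(([\w-]+),([0-9A-Fa-f]+),"((?:[^"\\]|\\.)*)"\)')


def unescape(text):
    """Turn the printable response form back into the raw bytes received."""
    out, pos = bytearray(), 0
    for m in _ESCAPE.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        esc = m.group(1)
        out += bytes([int(esc[1:], 16)]) if esc[0] == "x" else _SIMPLE[esc]
        pos = m.end()
    return bytes(out + text[pos:].encode("latin-1"))


def parse_fingerprint(fp):
    """Rejoin the wrapped SF lines, then split header fields from responses."""
    joined = "".join(l[3:] for l in fp.splitlines() if l.startswith(("SF-", "SF:")))
    head = re.match(r"Port(\d+)-(TCP|UDP):", joined)
    if not head:
        raise ValueError("not a service fingerprint")
    first = _RESPONSE.search(joined)
    header = joined[head.end():first.start() if first else len(joined)]
    fields = dict(kv.split("=", 1) for kv in header.split("%") if "=" in kv)
    # probe name -> (declared length, assumed hex; raw response bytes)
    responses = {p: (int(n, 16), unescape(d)) for p, n, d in _RESPONSE.findall(joined)}
    return int(head.group(1)), head.group(2), fields, responses


def candidate_matches(pattern, response):
    """Try a candidate match-rule regex (bytes) against one raw response.
    Python's re stands in here for the PCRE engine Nmap itself uses."""
    return re.search(pattern, response, re.DOTALL) is not None


if __name__ == "__main__":
    port, proto, fields, responses = parse_fingerprint(FINGERPRINT)
    declared, raw = responses["NULL"]
    print(port, proto, fields["P"], declared, raw)
    # Hypothetical rule body m|^b\n$| checked against the recovered bytes.
    print(candidate_matches(rb"^b\n$", raw))
```

Running candidate patterns over the responses from many collected fingerprints, including ones for other services, is one way to check coverage and spot false positives before proposing a rule.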
