Re: [NSE] Mainframe (z/OS & z/VM) Network Job Entry (NJE) Service Detection

[Daniel Miller <bonsaiviking () gmail com>]

SoF,

This looks like another one that could be implemented as a service probe.
Try this out and see if it's a good match. If you have a better idea for a
probe that gets detailed information from the service like a banner or
other info, that'd be great, too:

##############################NEXT PROBE##############################
# Network Job Entry
#
http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hasa600/intro.htm
Probe TCP NJE q|\xd6\xd7\xc5\xd5@@@@\xc6\xc1\xd2\xc5@
@@@\0\0\0\0\xc6\xc1\xd2\xc5@@@@\0\0\0\0\0|
rarity 9
ports 175
sslports 2252

softmatch nje m|^\xd5\xc1\xd2| p|z/OS Network Job Entry|
softmatch nje m|^\xc1\xc3\xd2| p|z/OS Network Job Entry|

Dan

On Fri, Sep 4, 2015 at 6:17 PM, Main Framed <mainframed767 () gmail com> wrote:

> This is a new script which identifies open ports on a mainframe that
> support Network Job Entry (or NJE).
>
> You can read more about Network Job Entry here:
> http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hasa600/intro.htm
>
> The protocol is described here:
> http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss?CTY=US&FNC=SRX&PBL=SA22-7539-02
>
> A script is required because upon connection the port doesn't send any
> information and waits for the 'client' to initiate the connection. This
> script performs that initial connection to determine if it is NJE.
>
>
>
> --
> Soldier of Fortran
> @mainframed767
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/