Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Evaluation of fingerprint

From: Daniel Miller <bonsaiviking () gmail com>
Date: Sun, 6 Mar 2016 18:18:45 -0600
Parth,

This service is Adobe Flash socket policy file (
https://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html).
Since Nmap 6.49BETA1, Nmap has detected this as a softmatch, meaning that
the service name will be populated but the service fingerprint will still
be shown. Because of your email, I have added facebook's particular
response as a hard match in r35661 (dev) so that the fingerprint will not
be printed in the future.

I encourage you to upgrade to the latest stable version, 7.01.

Dan

On Sun, Mar 6, 2016 at 8:36 AM, Parth Thumar <parththumar1994 () gmail com>
wrote:


Hi all,

  I have scanned the ip 31.13.79.220(www.facebook.com) through zenmap and
i got this fingerprint which is on port 843-tcp and open but unknown.


SF-Port843-TCP:V=6.47%I=7%D=3/6%Time=56DC3AE4%P=i686-pc-windows-windows%r(
SF:NULL,126,"<\?xml\x20version=\"1\.0\"\?>\r\n<!DOCTYPE\x20cross-domain-po
SF:licy\x20SYSTEM\x20\"http://www\.adobe\.com/xml/dtds/cross-domain-policy
SF:\.dtd\">\r\n<cross-domain-policy>\r\n\x20<site-control\x20permitted-cro
SF:ss-domain-policies=\"master-only\"/>\r\n\x20<allow-access-from\x20domai
SF:n=\"www\.facebook\.com\"\x20to-ports=\"443\"\x20/>\r\n</cross-domain-po
SF:licy>\r\n")%r(GetRequest,126,"<\?xml\x20version=\"1\.0\"\?>\r\n<!DOCTYP
SF:E\x20cross-domain-policy\x20SYSTEM\x20\"http://www\.adobe\.com/xml/dtds
SF:/cross-domain-policy\.dtd\">\r\n<cross-domain-policy>\r\n\x20<site-cont
SF:rol\x20permitted-cross-domain-policies=\"master-only\"/>\r\n\x20<allow-
SF:access-from\x20domain=\"www\.facebook\.com\"\x20to-ports=\"443\"\x20/>\
SF:r\n</cross-domain-policy>\r\n")%r(HTTPOptions,126,"<\?xml\x20version=\"
SF:1\.0\"\?>\r\n<!DOCTYPE\x20cross-domain-policy\x20SYSTEM\x20\"http://www
SF:\.adobe\.com/xml/dtds/cross-domain-policy\.dtd\">\r\n<cross-domain-poli
SF:cy>\r\n\x20<site-control\x20permitted-cross-domain-policies=\"master-on
SF:ly\"/>\r\n\x20<allow-access-from\x20domain=\"www\.facebook\.com\"\x20to
SF:-ports=\"443\"\x20/>\r\n</cross-domain-policy>\r\n")%r(RPCCheck,126,"<\
SF:?xml\x20version=\"1\.0\"\?>\r\n<!DOCTYPE\x20cross-domain-policy\x20SYST
SF:EM\x20\"http://www\.adobe\.com/xml/dtds/cross-domain-policy\.dtd\";>\r\n
SF:<cross-domain-policy>\r\n\x20<site-control\x20permitted-cross-domain-po
SF:licies=\"master-only\"/>\r\n\x20<allow-access-from\x20domain=\"www\.fac
SF:ebook\.com\"\x20to-ports=\"443\"\x20/>\r\n</cross-domain-policy>\r\n")%
SF:r(DNSStatusRequest,126,"<\?xml\x20version=\"1\.0\"\?>\r\n<!DOCTYPE\x20c
SF:ross-domain-policy\x20SYSTEM\x20\"http://www\.adobe\.com/xml/dtds/cross
SF:-domain-policy\.dtd\">\r\n<cross-domain-policy>\r\n\x20<site-control\x2
SF:0permitted-cross-domain-policies=\"master-only\"/>\r\n\x20<allow-access
SF:-from\x20domain=\"www\.facebook\.com\"\x20to-ports=\"443\"\x20/>\r\n</c
SF:ross-domain-policy>\r\n")%r(Help,126,"<\?xml\x20version=\"1\.0\"\?>\r\n
SF:<!DOCTYPE\x20cross-domain-policy\x20SYSTEM\x20\"http://www\.adobe\.com/
SF:xml/dtds/cross-domain-policy\.dtd\">\r\n<cross-domain-policy>\r\n\x20<s
SF:ite-control\x20permitted-cross-domain-policies=\"master-only\"/>\r\n\x2
SF:0<allow-access-from\x20domain=\"www\.facebook\.com\"\x20to-ports=\"443\
SF:"\x20/>\r\n</cross-domain-policy>\r\n");

So i want know what this script means and how nmap is able to obtain this
script?

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: