Penetration Testing mailing list archives

Re: [PEN-TEST] Database of service output


From: Renaud Deraison <deraison () CVS NESSUS ORG>
Date: Wed, 13 Dec 2000 12:36:09 +0100

On Tue, Dec 12, 2000 at 02:56:44PM -0600, Dave Cowen wrote:
> We also looked through the nessus find-service plugin, The nessus
> plugin, according to their code, is highly beta and contains about 10
> or more entries. The major problem is that they are only doing a strstr upon
> the retrieved banner to match the text at any point, see no regex.

Please try to learn how to read C. This plugin stores the
banner at some place, but relies on error codes to determine what
service is listening behind which port. Basically, what this plugin
does is that, for every port, it does a bogus request and then inspects
the error code (or the error code which is with the banner, such as
'220' for an FTP banner).

Now, while I'm not completely satisfied with it, you still get accurate
results and the plugin works quite fast (only one request per port). We
are looking into improving it, but it does not do what you said it was
doing.



                                -- Renaud

--
Renaud Deraison
The Nessus Project
http://www.nessus.org
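
The distinction argued in this message, as an added example that is not part of the original post and is not the Nessus plugin's code: a substring match anywhere in a reply versus a match on the reply code at the start of it. The function names, service labels and sample replies are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Substring match anywhere in the reply (the approach the plugin was
 * said to use): any occurrence of a keyword decides the service. */
static const char *by_substring(const char *r) {
    if (strstr(r, "FTP"))  return "ftp";
    if (strstr(r, "SMTP")) return "smtp";
    if (strstr(r, "HTTP")) return "http";
    return "unknown";
}

/* Reply-code match: only the status token at the start of the reply is
 * trusted. Free text is consulted solely to split a 220 greeting. */
static const char *by_reply_code(const char *r) {
    int code = 0;
    if (sscanf(r, "HTTP/%*d.%*d %3d", &code) == 1 && code >= 100) return "http";
    if (!strncmp(r, "+OK", 3) || !strncmp(r, "-ERR", 4)) return "pop3";
    if (strlen(r) >= 4 && isdigit((unsigned char)r[0]) &&
        isdigit((unsigned char)r[1]) && isdigit((unsigned char)r[2]) &&
        (r[3] == ' ' || r[3] == '-')) {
        if (!strncmp(r, "220", 3)) {
            if (strstr(r, "SMTP")) return "smtp";
            if (strstr(r, "FTP"))  return "ftp";
        }
        return "ftp-or-smtp";   /* numeric reply, family known only */
    }
    return "unknown";
}

/* Constructed replies to a bogus request; not captured from real hosts. */
static const char *samples[] = {
    "HTTP/1.1 400 Bad Request\r\n\r\nFiles moved to our FTP mirror.",
    "220 files.example.test FTP server ready\r\n",
    "220 mail.example.test ESMTP ready\r\n",
    "500 Syntax error, command unrecognized\r\n",
    "-ERR unknown command\r\n",
};

int main(void) {
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s %-12s %.20s\n", by_substring(samples[i]),
               by_reply_code(samples[i]), samples[i]);
    return 0;
}
```

The first sample is the case that separates the two: the body text mentions FTP, so the substring matcher reports `ftp`, while the reply-code matcher reads the HTTP status line and reports `http`.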

