Nmap Development mailing list archives
Re: addition to -sV service detection switch
From: MadHat <madhat () unspecific com>
Date: Fri, 26 Mar 2004 22:44:57 -0600
On Mar 26, 2004, at 9:44 PM, Cemil Degirmenci wrote:
> Hello, I just had some ideas to enhance the -sV switch. I will make an example for DNS here:
>
> On most DNS servers it is possible to get the version by querying the chaos txt version.bind record like this:
>
> cemil@fusie:~$ host -c chaos -t txt version.bind ns1.wavecon.de
> Version.bind text "Served by POWERDNS 2.9.15 $Id: packethandler.cc,v 1.22 2004/01/17 13:18:22 ahu Exp $"
>
> Experiences show that this query is in 98% of all cases right (no, this is not a representative value - I just appraise it ;-) )
>
> Same things could be done with HTTP (query "HEAD / HTTP/1.0" and do some regexp)
>
> After a look at the nmap-service-probes file I saw that it seems not to fit into the existing system... So - what do you think of that? Does it make sense? Or should there be an own switch like "-svV" :)

What would be the difference from the existing probes? I know on the http probes I discussed other request methods, and the reason GET was used first is that more servers respond to it than any other web server "verb".
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
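The CHAOS-class TXT lookup for version.bind discussed in this message, shown at the packet level as an added example (it is not code from either poster or from Nmap). It builds the query and parses a reply so an operator can check what their own name servers disclose; the function names and the sample response bytes are constructed for illustration.

```python
import struct

QTYPE_TXT, QCLASS_CHAOS = 16, 3   # TXT record type, CHAOS (CH) class

def encode_name(name):
    """Encode a dotted name as DNS length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(txid, name="version.bind"):
    """DNS query packet with one question: <name> TXT in class CHAOS."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_TXT, QCLASS_CHAOS)

def skip_name(msg, off):
    """Return the offset just past a name (labels or a compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)   # pointer is 2 bytes, root label is 1

def parse_version(msg, txid):
    """Return the first CHAOS TXT answer as text, or None."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000 or flags & 0x000F or an == 0:
        return None   # wrong ID, not a response, error rcode, or no answer
    off = 12
    for _ in range(qd):                   # skip the echoed question section
        off = skip_name(msg, off) + 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_TXT and rclass == QCLASS_CHAOS:
            rdata, parts, i = msg[off:off + rdlen], [], 0
            while i < len(rdata):         # TXT rdata = length-prefixed strings
                parts.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            return b"".join(parts).decode("ascii", "replace")
        off += rdlen
    return None

# Constructed sample response (built by hand, not captured traffic)
SAMPLE_TXT = b"Served by POWERDNS 2.9.15"
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
                   + encode_name("version.bind") + struct.pack("!HH", 16, 3)
                   + b"\xc0\x0c" + struct.pack("!HHIH", 16, 3, 0, len(SAMPLE_TXT) + 1)
                   + bytes([len(SAMPLE_TXT)]) + SAMPLE_TXT)
```

A server that has been configured to hide or replace its version string returns an error rcode or an arbitrary TXT value, so a `None` or unexpected result here is the hardened outcome.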