Nmap Development mailing list archives
[PATCH] Metasploit Framework msfd matchline
From: Kris Katterjohn <katterjohn () gmail com>
Date: Sun, 25 May 2008 18:07:24 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey everyone, I've attached a patch to add a matchline for the Metasploit Framework msfd daemon. You can see what I'm trying to match here[1]. It shows msfconsole there instead, but it's the same thing. I've tested it against the following versions (the last is from SVN): 55554/tcp open metasploit Metasploit Framework msfd 3.0-beta-dev 55554/tcp open metasploit Metasploit Framework msfd 3.0 55554/tcp open metasploit Metasploit Framework msfd 3.1-release 55554/tcp open metasploit Metasploit Framework msfd 3.2-release (msfd is only in 3.x) Is "metasploit" a good service name, or would something like "msf" be better? "msf" is short and has the "framework", but it might not be as recognizable. Of course the version information tells everything and it will be the only thing using the name so far. How's the matchline? I left out "aux" from the match because I saw "recon" there (or nothing at all) instead in a screenshot of an old 3.0-alpha version, and even though "aux" probably won't be going away, I think I've matched enough to be sure it's msf :) And I was also tempted to match the exploits/payloads and encoders/nops pairs together with the dash between them, but again I think enough is matched and I don't want it to break if they change a little bit there. I think the matchline is fine because it matched the range I tested above, but I didn't try everything. I could be matching too much. Thanks, Kris Katterjohn [1] http://metasploit.com/images/gallery/msfconsole.jpg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSDnxKf9K37xXYl36AQLdFQ/8CdeEb8Xm2lFwtzyFEBkHYI2lVRKEbjzI O5eUZyGhTV7x/gXmGcCA8Hy7Vt2CWb65etXpcp1fPyKgKQ9a0ltQ6DUVymm20N1c 18bE/FsA3Oo113yBg1Ld7/8nXBM9Ez9pBJkNf2RYcEzhKKtwZxWCykKIPiL7Ar1q 2I75kMUeiJjELbe5k2ZI6aJ7CYnGdOGtJZrZMfwL97r6sLbYvg9o3ZG2w6z/tJDI rpGWXuXNPL6rAsVJowctzdbIJj9mh3dhfOAu7Tb7rVXVvvRr/gkh8r3fIHS15Wgn BAQI+hyXytHxJBTrzGC6ENt/hN5Kb9YVmcZ6hI8dmtFK9k0XLi8Ye3ZgpOm2ZDyw E3qv1XOrcwjh2PVMeELdTg94Q96hmO0IiVHR+F0FwVn4LfCpCsvSgB1SWbe1ZQN5 6o4TIND4xh3oUCHpVexnNoWXcMKEelijjIqpTuZAkeobn8hgeDdYTCW3toYFcsWY CTIYUF7L9KlKd3yqfux4+bc4BFru6ijMI6qM7ajIzK/a0LrN65OtMjTwDfuTlZMP VroJ5HyshGhvZarX+HoUqA560UTAw+Rl4WLUiBxrFFDfNEVxEFI7WeGC2V56A/k9 yoyO4lVwYTxffU2hT35z6w4Q7/w7/uzc6tfY5gv6coz4npzT0ZFhzLimTcFk10xu TW7pps3brXo= =6NIH -----END PGP SIGNATURE-----
Index: nmap-service-probes =================================================================== --- nmap-service-probes (revision 7667) +++ nmap-service-probes (working copy) @@ -975,6 +975,7 @@ match mailq m|^version zmailer ([\d.]+)\n220 MAILQ-V2-CHALLENGE: | p/zmailer/ v/$1/ o/Unix/ match meetingmaker m/^\xc1,$/ p/Meeting Maker calendaring/ match melange m|^\+\+\+Online\r\n>> Melange Chat Server \(Version (\d[-.\w]+)\), Apr-25-1999\r\n\nWelcome | p/Melange Chat Server/ v/$1/ +match metasploit m|^\n.*=\[ msf v([^\r\n]+)\r?\n.*\d+ exploits.*\d+ payloads.*\d+ encoders.*\d+ nops.*msf > $|s p/Metasploit Framework msfd/ v/$1/ match midas m|^MIDASd v([\w.]+) connection accepted\n\xff| p/midasd/ v/$1/ match mpd m|^OK MPD ([\d.]+)\n$| p/Music Player Daemon/ v/$1/ # lopster 1.2.0.1 on Linux 1.1
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] Metasploit Framework msfd matchline Kris Katterjohn (May 25)
- Re: [PATCH] Metasploit Framework msfd matchline Fyodor (May 25)