Nmap Development mailing list archives
[PATCH] Allow NSE script to set service info without -sV
From: Tom Sellers <nmap () fadedcode net>
Date: Sat, 19 Dec 2009 11:27:45 -0600
I have attached a patch that changes nmap behavior so that NSE scripts can modify a service's product, version, extrainfo, ostype and devicetype even if nmap was called without version detection (-sV). As far as I can tell nmap will not let you set these values unless version detection is requested. I often want to run very targeted scans against a service using a script, output that data to XML and then use ruby code to parse and report on the findings. If this change is implemented I can cut down on the network overhead and potential impact on my targets. In nse_nmaplib.cc starting at line 551 the code logic says that if a service scan is requested set all the service values (product, version, etc), if not just set the probe state, name and tunnel values. The change I made basically detects if any of the normally unset values have been populated, if so set the o.servicescan value to be true. I had tried just writing the values out without touching the o.servicescan variable but this tripped an assert in NmapOutputTable.cc because there were not enough columns allocated in the service table output. Ultimately the change I settled on consists of adding the following two lines to nse_nmaplib.cc: if ( product || version || extrainfo || hostname || ostype || devicetype ) o.servicescan = true; In my limited testing I have not found any problems or unexpected behaviors. Obviously it needs further testing and review from more experienced eyes. Any testing or feedback would be greatly appreciated. Thanks much, Tom
Attachment:
allow.nse.service.version.change.diff
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [PATCH] Allow NSE script to set service info without -sV Tom Sellers (Dec 19)
- Re: [PATCH] Allow NSE script to set service info without -sV David Fifield (Dec 21)