Nmap Development mailing list archives
Re: regarding set_port_version probestates
From: David Fifield <david () bamsoftware com>
Date: Sat, 8 Jan 2011 20:53:36 -0800
On Sat, Jan 01, 2011 at 03:47:13PM +0200, Toni Ruottu wrote:
On Sat, Jan 1, 2011 at 2:40 PM, Toni Ruottu <toni.ruottu () iki fi> wrote:I am trying to find a way to express protocol/version assumptions from NSE scripts. Sometimes exploring host A reveals information about host B. For example host A could be running Gnutella and it might tell me it is connected to host B's port 12345. This information justifies running any gnutella protocol scripts against B:12345, but it does not justify reporting B:12345 as being open nor does it justify reporting that B:12345 is a gnutella server. A could be evil or broken. Ofcourse, if we get to run gnutella scripts against B:12345 we may be able to identify it as open or gnutella. On the other hand reporting these assumptions to user may be useful as long as it is made clear that they might be wrong. Can I use one of the probestates for this?Also, can I state such assumptions from when I am running nmap from the command-line. If I am looking for a gnutella server I might want to assume that all open ports are gnutella servers, or maybe my friend told me to scan his gnutella server on some funny port.
I'm afraid there's no easy way to do that. What I would do is make a copy of nmap-services, edit the relevant service name to be "gnutella" or whatever, and then run Nmap again with --servicedb. If there was a version probe I wanted to use, I would edit it to use ports 1-65535 and then use --versiondb. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- regarding set_port_version probestates Toni Ruottu (Jan 01)
- Re: regarding set_port_version probestates Toni Ruottu (Jan 01)
- Re: regarding set_port_version probestates David Fifield (Jan 08)
- Re: regarding set_port_version probestates Toni Ruottu (Jan 01)