Nmap Development mailing list archives

[NSE]odd-port: script to detect port-service mismatches


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 28 Jun 2011 20:42:53 -0500

Hey list,

Here's a script I banged out today that compares detected services
with expected values from nmap-services. In verbose mode, it outputs
what port it expected to find the service on, and what service (if
any) it expected to find on the port.

-- @output
-- PORT     STATE SERVICE VERSION
-- 2222/tcp open  ssh     OpenSSH 5.3
-- | odd-port: ssh on 3389/tcp
-- |   Expected ms-term-serv on 3398/tcp
-- |   Expected ports for ssh:
-- |_    22/tcp

There are a couple of issues with the script that I'm hoping to get help with:
1. The script may run before a "version" script, which defeats the
purpose if the version script changes port.service. I expect there's a
way to fix this with dependencies, but I don't know if depending on a
category is supported.
2. Sometimes the name from nmap-services doesn't match the name from
nmap-service-probes, even if it is the same thing. I fixed this for
https by appending "s" to the end of services with
port.version.tunnel=="ssl", but there are still issues: ms-term-serv
vs microsoft-rdp, and microsoft-ds vs netbios-ssn, for instance.

Hope this helps someone!

Dan

Attachment: odd-port.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
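
The comparison described in the message, as an added Python example; it is not the attached odd-port.nse and not Nmap's code. The service table is a constructed excerpt in nmap-services format, and treating the name pairs from issue 2 as equivalent is an assumption of this example, not something the post settles.

```python
# Constructed excerpt in nmap-services format: name  port/proto  frequency
SAMPLE_SERVICES = """\
# constructed sample, frequencies are made up
ssh           22/tcp    0.18
http          80/tcp    0.48
netbios-ssn   139/tcp   0.05
https         443/tcp   0.20
microsoft-ds  445/tcp   0.05
ms-term-serv  3389/tcp  0.08
"""

# Assumption: the name pairs the post lists as mismatching between
# nmap-services and nmap-service-probes are treated as the same service.
EQUIVALENT = [{"ms-term-serv", "microsoft-rdp"}, {"microsoft-ds", "netbios-ssn"}]


def parse_services(text):
    """Return (port/proto -> name, name -> [port/proto, ...])."""
    by_port, by_name = {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank line, comment, or malformed entry
        name, portproto = fields[0], fields[1]
        by_port[portproto] = name
        by_name.setdefault(name, []).append(portproto)
    return by_port, by_name


def same_service(a, b):
    return a == b or any(a in group and b in group for group in EQUIVALENT)


def odd_port(by_port, by_name, port, proto, service, tunnel=None):
    """Return None when the detected service sits where the table expects it,
    otherwise what was expected on the port and where the service belongs."""
    if tunnel == "ssl":
        service += "s"  # the post's rule: http inside an ssl tunnel -> https
    portproto = f"{port}/{proto}"
    expected = by_port.get(portproto)
    if expected is not None and same_service(expected, service):
        return None
    ports = [p for n, ps in by_name.items() if same_service(n, service) for p in ps]
    return {"found": f"{service} on {portproto}",
            "expected_service": expected,
            "expected_ports": ports}
```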
