Nmap Development mailing list archives
[NSE]odd-port: script to detect port-service mismatches
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 28 Jun 2011 20:42:53 -0500
Hey list, Here's a script I banged out today that compares detected services with expected values from nmap-services. In verbose mode, it outputs what port it expected to find the service on, and what service (if any) it expected to find on the port. -- @output -- PORT STATE SERVICE VERSION -- 2222/tcp open ssh OpenSSH 5.3 -- | odd-port: ssh on 3389/tcp -- | Expected ms-term-serv on 3398/tcp -- | Expected ports for ssh: -- |_ 22/tcp There are a couple of issues with the script that I'm hoping to get help with: 1. The script may run before a "version" script, which defeats the purpose if the version script changes port.service. I expect there's a way to fix this with dependencies, but I don't know if depending on a category is supported. 2. Sometimes the name from nmap-services doesn't match the name from nmap-service-probes, even if it is the same thing. I fixed this for https by appending "s" to the end of services with port.version.tunnel=="ssl", but there are still issues: ms-term-serv vs microsoft-rdp, and microsoft-ds vs netbios-ssn, for instance. Hope this helps someone! Dan
Attachment:
odd-port.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE]odd-port: script to detect port-service mismatches Daniel Miller (Jun 28)
- Re: [NSE]odd-port: script to detect port-service mismatches Daniel Miller (Jun 28)