Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: xmpp.nse

From: David Fifield <david () bamsoftware com>
Date: Mon, 18 Apr 2011 12:15:44 -0700
On Sun, Apr 17, 2011 at 08:26:59PM +0400, Vasiliy Kulikov wrote:

I've written a basic version of XMPP server capabilities detection.
Currently it lacks some sanity checks, doesn't process xml quotation and
doesn't connects to the server as a server (only as a client).  Also it
needs more detailed description :)


Thank you for this script. I don't think it will be a problem to get it
merged.

Please change the name of the script arguments you use: names like
"host" and "port" are too generic. Use this, for example:

chost = stdnse.get_script_args("xmpp.host") or chost


Possible output:

    Host script results:
    | xmpp: 
    |   s2s: hermes.jabber.org:5269
    |   c2s: hermes.jabber.org:5222
    |   starttls
    |   mechanism: CRAM-MD5
    |   mechanism: LOGIN
    |   mechanism: PLAIN
    |   mechanism: DIGEST-MD5
    |   mechanism: SCRAM-SHA-1
    |_  compression: zlib



It tries to query _xmpp-{server,client}._tcp.%s SRV record and to connect
to the specified port.  Then it starts standard xml stream and processes
the answer.  It tries to identify: whether the server supports TLS, what
compression methods the server supports, what auth methods the server
supports.

I wonder whether it is acceptable to process both DNS and server scan in
a single script.  In case of division into xmpp-dns and xmpp-scan one
has to pass --script-args host=server to the script as the server SRV+A
record might differ from the A record.


I would prefer that the script not do a DNS SRV lookup. Other NSE
scripts don't work that way; rather, they have a portrule that causes
the script to be run when the script already appears to be the right
service. The way it is written now, the script will run for every host
(that is not identified by only an IP address).

I don't see why the host=server argument would be necessary; the name
doesn't seem to appear in the protocol, and you're only using it for the
TCP connection.

So I would prefer the script to use this:

portrule = shortport.port_or_service(5222, {"jabber", "xmpp-client"})
action = function(host, port)
  ...
end

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: