Nmap Development mailing list archives
Re: xmpp.nse
From: David Fifield <david () bamsoftware com>
Date: Mon, 18 Apr 2011 12:15:44 -0700
On Sun, Apr 17, 2011 at 08:26:59PM +0400, Vasiliy Kulikov wrote:
> I've written a basic version of XMPP server capabilities detection. Currently it lacks some sanity checks, doesn't process xml quotation and doesn't connect to the server as a server (only as a client). Also it needs a more detailed description :)

Thank you for this script. I don't think it will be a problem to get it merged. Please change the name of the script arguments you use: names like "host" and "port" are too generic. Use this, for example:

    chost = stdnse.get_script_args("xmpp.host") or chost

> Possible output:
>
> Host script results:
> | xmpp:
> | s2s: hermes.jabber.org:5269
> | c2s: hermes.jabber.org:5222
> | starttls
> | mechanism: CRAM-MD5
> | mechanism: LOGIN
> | mechanism: PLAIN
> | mechanism: DIGEST-MD5
> | mechanism: SCRAM-SHA-1
> |_ compression: zlib
>
> It tries to query the _xmpp-{server,client}._tcp.%s SRV record and to connect to the specified port. Then it starts a standard XML stream and processes the answer. It tries to identify: whether the server supports TLS, what compression methods the server supports, what auth methods the server supports. I wonder whether it is acceptable to process both DNS and server scan in a single script. In case of division into xmpp-dns and xmpp-scan one has to pass --script-args host=server to the script as the server SRV+A record might differ from the A record.

I would prefer that the script not do a DNS SRV lookup. Other NSE scripts don't work that way; rather, they have a portrule that causes the script to be run when the script already appears to be the right service. The way it is written now, the script will run for every host (that is not identified by only an IP address). I don't see why the host=server argument would be necessary; the name doesn't seem to appear in the protocol, and you're only using it for the TCP connection. So I would prefer the script to use this:

    portrule = shortport.port_or_service(5222, {"jabber", "xmpp-client"})

    action = function(host, port)
      ...
    end

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
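
The capability detection described in the quoted text (TLS support, auth mechanisms, compression methods read from the server's stream features), as an added example in plain Lua. It is not the xmpp.nse script from this thread or Nmap code; the sample reply and the names `collect` and `parse_features` are constructed for illustration, and it uses pattern matching instead of an XML parser.

```lua
-- Added example (not the xmpp.nse script from this thread): parse the
-- capabilities advertised in an XMPP <stream:features> element.
-- Plain Lua, pattern matching only; XML entities are not unescaped.

-- Constructed sample of a server reply to the client's opening <stream:stream>.
local SAMPLE = [[
<stream:features>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>SCRAM-SHA-1</mechanism>
    <mechanism>PLAIN</mechanism>
  </mechanisms>
  <compression xmlns='http://jabber.org/features/compress'>
    <method>zlib</method>
  </compression>
</stream:features>
]]

-- Collect the text of every <tag>text</tag> element found in xml.
local function collect(xml, tag)
  local out = {}
  for value in xml:gmatch("<" .. tag .. ">%s*([^<]-)%s*</" .. tag .. ">") do
    out[#out + 1] = value
  end
  return out
end

local function parse_features(xml)
  local body = xml:match("<stream:features[^>]*>(.-)</stream:features>")
  if not body then return nil, "no <stream:features> in reply" end
  -- <starttls/> may be self-closing or may wrap a <required/> child.
  local tls = body:match("<starttls[^>]*/>")
    or body:match("<starttls[^>]*>(.-)</starttls>")
  return {
    starttls = tls ~= nil,
    tls_required = tls ~= nil and tls:find("<required", 1, true) ~= nil,
    mechanisms = collect(body, "mechanism"),
    compression = collect(body, "method"),
  }
end

local caps = assert(parse_features(SAMPLE))
print("starttls: " .. tostring(caps.starttls) .. ", required: " .. tostring(caps.tls_required))
print("mechanisms: " .. table.concat(caps.mechanisms, ", "))
print("compression: " .. table.concat(caps.compression, ", "))
-- PLAIN or LOGIN offered without STARTTLS means passwords cross the wire in clear.
for _, m in ipairs(caps.mechanisms) do
  if (m == "PLAIN" or m == "LOGIN") and not caps.starttls then print("cleartext auth: " .. m) end
end
```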