Nmap Development mailing list archives
Re: VMware-fingerprint nse
From: Mark Baseggio <info () baseggio ca>
Date: Sun, 23 Jun 2013 15:03:41 -0400
Thanks David, with nmap 6.25 don't get the version back when running "nmap -sV --version-all -p44 <ip>" I get back: Nmap scan report for 10.0.2.209 Host is up (0.00026s latency). PORT STATE SERVICE VERSION 443/tcp open ssl/http VMware ESXi Server httpd I'm happy to add this as a service probe -- I just have to go figure out how to do that now. On Thu, Jun 20, 2013 at 1:06 AM, David Fifield <david () bamsoftware com>wrote:
On Thu, May 30, 2013 at 05:14:29PM -0400, Mark Baseggio wrote:I've created a nse that fingerprints vmware ESX/ESXi servers. This is my first foray into both Lua and nmap scripting, so please excuse any noob mistakes I might have made with this--I tried to follow the examples and tutorials as closely as possible. I would like to submit it for inclusion in nmap so others can benefit from it as well.Thanks for this contribution. It looks like this script would be better written as a version probe--all it does is send one stereotyped request and then do pattern matching on the reply. See http://nmap.org/book/vscan.html. In fact, it looks like we already have a service probe that makes a request similar to the one your script makes. However I wouldn't be surprised if it is broken, because it is missing an "HTTP POST" and doesn't have any matchlines. Probe TCP vmware-esx q|<soap:Envelope xmlns:xsd=" http://www.w3.org/2001/XMLSchema" ... Do you get anything useful from a "nmap -sV --version-all" against a port running this service? What if you modify the existing vmware-esx probe in nmap-service-probes? David Fifield
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- VMware-fingerprint nse Mark Baseggio (May 30)
- Re: VMware-fingerprint nse David Fifield (Jun 19)
- Re: VMware-fingerprint nse Mark Baseggio (Jun 23)
- Re: VMware-fingerprint nse David Fifield (Jun 23)
- Re: VMware-fingerprint nse Mark Baseggio (Jun 23)
- Re: VMware-fingerprint nse David Fifield (Jun 19)