Re: [NSE] port.version.name_confidence not settable via nmap.set_port_version()

[Henri Doreau <henri.doreau () gmail com>]

2013/10/23 Daniel Miller <bonsaiviking () gmail com>:
> List,
>
> Several scripts [1] are attempting to set port.version.name_confidence, but
> the NSE function nmap.set_port_version() does not support setting this
> value. The documentation
> (http://nmap.org/nsedoc/lib/nmap.html#set_port_version) seems clear, in that
> it does not list name_confidence as a settable value.
>
> Currently, name_confidence is set in portlist.cc
> (PortList::setServiceProbeResults) and follows this logic:
>
> if ( probestate == "hardmatched" or probestate == "softmatched" ) then
>   name_confidence = 10
> elseif ( probestate == "tcpwrapped" ) then
>   name_confidence = 8
> else
>   name_confidence = 3
> end
>
> I'd like to hear folks' thoughts on opening this up to setting via NSE. My
> current thoughts:
>
> PRO: Scripts will work as expected.
>
> CON: Scripts may use inappropriate values (especially less than 3)
>
> Dan
>
> [1] List of scripts that attempt to set name_confidence
> scripts/backorifice-brute.nse
> scripts/backorifice-info.nse
> scripts/cassandra-info.nse
> scripts/db2-das-info.nse
> scripts/drda-info.nse
> scripts/metasploit-info.nse
> scripts/mongodb-info.nse
> scripts/murmur-version.nse
> scripts/pptp-version.nse
> scripts/teamspeak2-version.nse
> scripts/ventrilo-info.nse
> scripts/wdb-version.nse
> scripts/xmpp-info.nse

Hi Dan,

that's interesting. In which case would a script set non-maxium
name_confidence? To be flexible and robust we could let scripts set
it, provide the scripts with two constants and return an error if
anything but these values is passed in?

Regards

-- 
Henri
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/