Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: Service fingerprinting submissions

Re: Service fingerprinting submissions

From: <doug_at_hcsw.org>
Date: Sat, 19 Apr 2008 12:16:19 -0700

Hi Tavaris,

Brandon is correct: The fingerprints are submitted to the Nmap project
with the expectation that they will not be made public. You are correct
that %90+ of the FPs don't contain sensitive data, there are many
services that will echo the IP of the scanner or the host name of
the target device etc. and these would need to be removed manually.
Honestly, your two best bets are:
  * Try to use the nmap-service-probes DB. In general a match line in
    this file has almost all the important information about the
    submission embedded in it.
  * If you have a *simple* perl script or other stats gathering
    program you could send it to the list and maybe somebody from
    the Nmap project will find the time to run it on the data.
    They are stored in mbox format.

Best,

Doug

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Received on Apr 19 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos