Michael Pattrick wrote:
> Hey tom,
>
> I just noticed that Brandon already posted a script for this, but I
> wrote one too! lol
>
> It lists all unidentified OS fingerprints(or all fingerprints if the
> scan was -v or -d) and all unidentified services.
> It requires the latest Nmap::Parser[1] and the output is like this:
>
>> perl getOS.pl scan.xml
> IP: 10.0.0.2
> SCAN(V=4.65%D=6/19%OT=14334%CT=%CU=42336%PV=Y%DS=1%G=N%M=0016D3%TM=485AFC95%P=x86_64-unknown-linux-gnu)
> SEQ(SP=FA%GCD=1%ISR=103%TI=I%II=I%SS=S%TS=0)
> OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
> ...snip...
> IE(R=Y%DFI=S%T=80%TOSI=Z%CD=Z%SI=S%DLI=S)
>
> Unidentified service, TCP port 14334:
> SF-Port14334-TCP:V=4.65%I=7%D=6/19%Time=485AFC82%P=x86_64-unknown-linux-gnu%r(GetRequest,20,"\xbf\x13\xde
> ...snip...
> SF:r\x88\x97a\x0c")%r(SIPOptions,20,"\xfc\xac\|\xf8\xa9\x04\x07\xa5\x20\x1
> SF:c\x88\xbc7k\]\xd1\xf3\xa7\xa8\x90\xb3qE\?\x8d\xa4\
>
> I hope this is what you were thinking of.
>
> Cheers,
> Michael
>
> [1] http://nmapparser.wordpress.com/
>
multiple large network segments
>> and then check the files for unidentified services and devices.
>>
>> I have some very basic c skills and looking at the code this change
>> looks like something I might be able to do. For the service portion
>> I think most of the changes would be in the program argument handling
>> section in nmap.cc, the output header file, some changes around
>> 822 in output.cc, and then making sure the file is closed properly.
>>
>> Any thoughts on this? Oh, if there is already a simple way to do
>> this please break out the clue stick and fill me in.
>>
>> Thanks,
>>
>>
Thanks to both of you for the info. That should cover my needs nicely.
Tom
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Jun 19 2008
Intro
