Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Output file option for capturing service and os fingerprints
From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 19 Jun 2008 20:16:50 -0500

Michael Pattrick wrote:
Hey tom,

I just noticed that Brandon already posted a script for this, but I
wrote one too! lol

It lists all unidentified OS fingerprints(or all fingerprints if the
scan was -v or -d) and all unidentified services.
It requires the latest Nmap::Parser[1] and the output is like this:

perl getOS.pl scan.xml
IP: 10.0.0.2
SCAN(V=4.65%D=6/19%OT=14334%CT=%CU=42336%PV=Y%DS=1%G=N%M=0016D3%TM=485AFC95%P=x86_64-unknown-linux-gnu)
SEQ(SP=FA%GCD=1%ISR=103%TI=I%II=I%SS=S%TS=0)
OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
...snip...
IE(R=Y%DFI=S%T=80%TOSI=Z%CD=Z%SI=S%DLI=S)

Unidentified service, TCP port 14334:
SF-Port14334-TCP:V=4.65%I=7%D=6/19%Time=485AFC82%P=x86_64-unknown-linux-gnu%r(GetRequest,20,"\xbf\x13\xde
...snip...
SF:r\x88\x97a\x0c")%r(SIPOptions,20,"\xfc\xac\|\xf8\xa9\x04\x07\xa5\x20\x1
SF:c\x88\xbc7k\]\xd1\xf3\xa7\xa8\x90\xb3qE\?\x8d\xa4\

I hope this is what you were thinking of.

Cheers,
Michael

[1] http://nmapparser.wordpress.com/

  multiple large network segments
and then check the files for unidentified services and devices.

I have some very basic c skills and looking at the code this change
looks like something I might be able to do. For the service portion
I think most of the changes would be in the program argument handling
section in nmap.cc, the output header file, some changes around
822 in output.cc, and then making sure the file is closed properly.

Any thoughts on this?  Oh, if there is already a simple way to do
this please break out the clue stick and fill me in.

Thanks,



Thanks to both of you for the info.  That should cover my needs nicely.

Tom

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault