Nmap Development mailing list archives

[PATCH] Cleaner (and more) service version output and better error reporting
From: bmenrigh () ucsd edu
Date: Wed, 1 Apr 2009 21:02:01 -0700 (PDT)

[I apologize in advance for the poor quality of this email.  I'm using a
crappy webmail client.]

Developers,

Attached is a patch that slightly tweaks the product/version/info output
you get when you scan a machine with -sV.

The need for this patch stems from the following error prints when too
much data is matched from a probe:

Warning: Servicescan failed to fill info_template (subjectlen: 1460). Too
long? Match string was line 3513: v/Apache httpd/$1/$2

That error is slightly misleading.  The problem is not with subjectlen
being too long, it is that the i/.../ match template captured too much
data (the current limit is 128 bytes).  I have improved the error to
include the length of the template and changed the text "Too long?" to
"Capture exceeded length?".

The other issues fixed with this patch are that when the final version
string is constructed, it is "[product] [version] ([extrainfo])" and the
maximum size is currently 128 chars.  If there isn't enough space to fit a
template in the string that template is dropped.  This can result in a
host print like this:

PORT   STATE SERVICE REASON  VERSION
80/tcp open  http    syn-ack Apache httpd 2.0.52

Notice that even though extra info was captured, it was not reported.

This patch modifies the dropping to truncate instead.  If there isn't
enough room to report the full template it is truncated to whatever will
fit + "...".

Here is an example:

PORT   STATE SERVICE REASON  VERSION
80/tcp open  http    syn-ack Apache httpd 2.0.52 ((Red Hat)
mod_perl/1.99_16 Perl/v5.8.5 DAV/2 mod_jk/1.2.19...)

Fyodor and I agree that 128 chars is a little bit short when useful
information is available so I've increased the buffer to 160 chars.  In
the case of the host above, this is what is printed:

PORT   STATE SERVICE REASON  VERSION
80/tcp open  http    syn-ack Apache httpd 2.0.52 ((Red Hat)
mod_perl/1.99_16 Perl/v5.8.5 DAV/2 mod_jk/1.2.19 PHP/4.3.9
mod_python/3.1.3 Python/2.3.4 mod_ssl/2.0.52 OpenSSL/0.9.7a)

Finally, sometimes the product is not captured, or even neither the product
nor the version, but extra info is captured.  In these cases a leading
space is always printed.  For example:

" (connection ok)"

This patch makes sure spaces are only printed when they are needed to
separate the templates.

I've tested this patch some but I'd like someone with a sharper eye for
C/C++ to look it over.

Comments welcome,

Brandon

Attachment: versionout.patch.txt
Description:
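To make the string assembly described in the mail concrete, here is an added illustration in C; it is not the attached patch or Nmap's own code, and the function names and sample values are constructed. It builds "[product] [version] ([extrainfo])" into a fixed buffer, writes a separating space only between templates that are actually present, and truncates an over-long template to what fits plus "..." instead of dropping it.

```c
#include <stdio.h>
#include <string.h>

#define VERSION_BUF_LEN 160   /* the patch raises the 128-byte limit to 160 */

/* Append one template to buf, decorated with open/close (e.g. "(" and ")").
 * A separating space is written only if buf already holds something.  If the
 * text does not fit, whatever fits is kept and "..." marks the cut, instead of
 * silently dropping the whole template.  Returns 1 if anything was appended. */
static int append_field(char *buf, size_t cap, const char *text,
                        const char *open, const char *close)
{
    size_t len = strlen(buf), textlen, avail;
    size_t fixed = strlen(open) + strlen(close) + (len > 0 ? 1 : 0);
    if (text == NULL || *text == '\0' || len + fixed + 1 >= cap)
        return 0;                        /* not even one byte of text fits */
    avail = cap - 1 - len - fixed;       /* room left for the text itself */
    textlen = strlen(text);
    if (textlen > avail) {
        if (avail <= 3)
            return 0;                    /* "..." alone would say nothing */
        textlen = avail - 3;             /* keep what fits, then mark the cut */
    }
    if (len > 0)
        buf[len++] = ' ';                /* separator only between templates */
    sprintf(buf + len, "%s%.*s%s%s", open, (int)textlen, text,
            textlen < strlen(text) ? "..." : "", close);
    return 1;
}

/* Build "[product] [version] ([extrainfo])" into out (cap bytes). */
const char *build_version_string(char *out, size_t cap, const char *product,
                                 const char *version, const char *extrainfo)
{
    out[0] = '\0';
    append_field(out, cap, product, "", "");
    append_field(out, cap, version, "", "");
    append_field(out, cap, extrainfo, "(", ")");
    return out;
}

/* Static-buffer wrapper; a smaller cap emulates the old 128-byte limit. */
const char *format_version(size_t cap, const char *product,
                           const char *version, const char *extrainfo)
{
    static char buf[VERSION_BUF_LEN];
    if (cap > sizeof buf) cap = sizeof buf;
    return build_version_string(buf, cap, product, version, extrainfo);
}
```

Calling format_version with a cap of 40 on values modelled on the Apache line in the mail yields "Apache httpd 2.0.52 ((Red Hat) mod_...)", and extrainfo alone yields "(connection ok)" with no leading space.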


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
