[NSE]odd-port: script to detect port-service mismatches
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 28 Jun 2011 20:42:53 -0500
Here's a script I banged out today that compares detected services
with expected values from nmap-services. In verbose mode, it outputs
what port it expected to find the service on, and what service (if
any) it expected to find on the port.
-- PORT STATE SERVICE VERSION
-- 2222/tcp open ssh OpenSSH 5.3
-- | odd-port: ssh on 3389/tcp
-- | Expected ms-term-serv on 3398/tcp
-- | Expected ports for ssh:
-- |_ 22/tcp
There are a couple of issues with the script that I'm hoping to get help with:
1. The script may run before a "version" script, which defeats the
purpose if the version script changes port.service. I expect there's a
way to fix this with dependencies, but I don't know if depending on a
category is supported.
2. Sometimes the name from nmap-services doesn't match the name from
nmap-service-probes, even if it is the same thing. I fixed this for
https by appending "s" to the end of services with
port.version.tunnel=="ssl", but there are still issues: ms-term-serv
vs microsoft-rdp, and microsoft-ds vs netbios-ssn, for instance.
Hope this helps someone!
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
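
The comparison described in the post, as an added Python example; it is not the odd-port script itself or any code from the Nmap project. The sample table entries are constructed, and parse_services, same_service, check_port and the EQUIVALENT groups (one possible way to handle issue 2) are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample in nmap-services layout: name, port/proto, frequency, comment.
# The frequency values are placeholders, not real data.
SAMPLE_SERVICES = """\
ssh           22/tcp    0.1  # constructed sample entries
http          80/tcp    0.1
netbios-ssn   139/tcp   0.1
https         443/tcp   0.1
microsoft-ds  445/tcp   0.1
ms-term-serv  3389/tcp  0.1
"""

# Assumed equivalence groups for names that differ between nmap-services and
# nmap-service-probes (the two pairs named in the post).
EQUIVALENT = [{"ms-term-serv", "microsoft-rdp"}, {"microsoft-ds", "netbios-ssn"}]

def parse_services(text):
    """Return ({(port, proto): name}, {name: [(port, proto), ...]})."""
    by_port, by_name = {}, defaultdict(list)
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only, or malformed line
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            by_port[(int(port), proto)] = fields[0]
            by_name[fields[0]].append((int(port), proto))
    return by_port, by_name

def same_service(a, b):
    """True when two names are identical or listed in one equivalence group."""
    return a == b or any(a in group and b in group for group in EQUIVALENT)

def check_port(port, proto, service, tunnel, by_port, by_name):
    """Return None when the service fits the port, else a mismatch record."""
    detected = service + "s" if tunnel == "ssl" else service  # http over ssl -> https
    expected = by_port.get((port, proto))
    if expected is not None and same_service(detected, expected):
        return None
    usual = sorted(p for name, ports in by_name.items()
                   if same_service(detected, name) for p in ports)
    if expected is None and not usual:
        return None  # nothing in the table to compare against
    return {"detected": detected, "expected_here": expected, "usual_ports": usual}

BY_PORT, BY_NAME = parse_services(SAMPLE_SERVICES)
```

A None result means the detected service matches the table entry for that port; a record carries the same two facts the verbose output reports, the service expected on the port and the ports expected for the service.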