Nmap Development mailing list archives

Re: [NSE]odd-port: script to detect port-service mismatches
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 28 Jun 2011 22:22:05 -0500

Correction to the @output section: I had the ports mismatched. Here's the
correct output:

-- @output
-- 3389/tcp open  ssh     OpenSSH 5.3
-- | odd-port: ssh on 3389/tcp
-- |   Expected ms-term-serv on 3389/tcp
-- |   Expected ports for ssh:
-- |_    22/tcp

On Tue, Jun 28, 2011 at 8:42 PM, Daniel Miller <bonsaiviking () gmail com> wrote:

Hey list,

Here's a script I banged out today that compares detected services
with expected values from nmap-services. In verbose mode, it outputs
what port it expected to find the service on, and what service (if
any) it expected to find on the port.

-- @output
-- 2222/tcp open  ssh     OpenSSH 5.3
-- | odd-port: ssh on 3389/tcp
-- |   Expected ms-term-serv on 3398/tcp
-- |   Expected ports for ssh:
-- |_    22/tcp

There are a couple of issues with the script that I'm hoping to get help
1. The script may run before a "version" script, which defeats the
purpose if the version script changes port.service. I expect there's a
way to fix this with dependencies, but I don't know if depending on a
category is supported.
2. Sometimes the name from nmap-services doesn't match the name from
nmap-service-probes, even if it is the same thing. I fixed this for
https by appending "s" to the end of services with
port.version.tunnel=="ssl", but there are still issues: ms-term-serv
vs microsoft-rdp, and microsoft-ds vs netbios-ssn, for instance.

Hope this helps someone!


Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
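
The check described in the message above, as an added Python example that is not part of the original post or of Nmap: it parses a constructed excerpt in the nmap-services layout and reports a detected service that sits on a port not listed for it. The sample data, the function names and the `ALIASES` table (one hypothetical way to handle the name mismatches from issue 2) are assumptions.

```python
# Constructed excerpt in nmap-services layout: name, port/proto, frequency.
# Frequencies are placeholders, not values from a real nmap-services file.
SAMPLE_SERVICES = """\
# constructed sample
ssh\t22/tcp\t0.1\t# Secure Shell
http\t80/tcp\t0.4
https\t443/tcp\t0.2
ms-term-serv\t3389/tcp\t0.08
microsoft-ds\t445/tcp\t0.05
"""

# Hypothetical alias table: version-detection name -> nmap-services name.
ALIASES = {"microsoft-rdp": "ms-term-serv"}


def parse_services(text):
    """Return (port/proto -> name, name -> [port/proto, ...])."""
    by_port, by_name = {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only or malformed line
        name, portspec = fields[0], fields[1]
        by_port.setdefault(portspec, name)
        by_name.setdefault(name, []).append(portspec)
    return by_port, by_name


def normalize(service, tunnel=None):
    """Map a version-detection name onto nmap-services naming."""
    if tunnel == "ssl":
        service += "s"  # the post's fix: http inside an ssl tunnel is https
    return ALIASES.get(service, service)


def odd_port(port, proto, service, tunnel=None, tables=None):
    """Return report lines for a mismatch, or [] if the port is expected."""
    by_port, by_name = tables or parse_services(SAMPLE_SERVICES)
    spec, name = f"{port}/{proto}", normalize(service, tunnel)
    expected_ports = by_name.get(name, [])
    if spec in expected_ports:
        return []
    out = [f"{name} on {spec}"]
    if spec in by_port:
        out.append(f"Expected {by_port[spec]} on {spec}")
    if expected_ports:
        out.append(f"Expected ports for {name}:")
        out += [f"  {p}" for p in expected_ports]
    return out
```

Without the alias entry, `microsoft-rdp` on 3389/tcp is reported as a mismatch even though it is the expected service, which is the false positive issue 2 describes.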
