Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Fwd: hadoop and hbase information gathering
From: David Fifield <david () bamsoftware com>
Date: Wed, 9 Nov 2011 18:16:48 -0800

On Wed, Nov 09, 2011 at 08:32:08PM +0100, John Bond wrote:
On 1 November 2011 04:52, David Fifield <david () bamsoftware com>
wrote:> On Sun, Oct 30, 2011 at 10:46:33AM +0100, John Bond wrote:>>
On 14 October 2011 00:14, John Bond <john.r.bond () gmail com> wrote:>>
Okay. I can see the reason for this. All these different scripts run>
against different ports, but they are all HTTP. Patrick found that
his> university's Hadoop ran on different ports than the default.>>
Using shortport.http should take these scripts out of default, I
think,> because they will only get a response from a minority of web
servers. I> might even modify the rule to be "got a service match for
HTTP, but it> is *not* running on a common HTTP port." Then it could
be default again.

Ok i think i get what you mean i have updated the
port rule to us the following
portrule = function(host, port)
        local force = stdnse.get_script_args('hadoop-info.force')
        if not force then
                return shortport.http and port.number ~= 80 and port.number ~= 443
        else
                return true
        end
end

This is pretty close. (But you need shortport.http(host, port), not just
shortport.http, which is always true because it is a function value.)
What shortport.http is doing is
        (service match OR port match)
What we want is
        (service match AND NOT port match)
So what you've written is essentially
        (service match OR port match) AND NOT port match
        = (service match AND NOT port match) OR (port match AND NOT port match)
        = (service match AND NOT port match)
But I think it should include all the port numbers that shortport.http
knows about. In don't want the list of ports copied into every hadoop
script. Instead can you edit shortport.lua to have public
LIKELY_HTTP_SERVICES and LIKELY_HTTP_PORTS, and then rewrite the
portrules to use those?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault