mailing list archives
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 06 Mar 2014 16:34:13 -0600
On 03/05/2014 02:50 PM, Ulrik Haugen wrote:
Did you get a chance to try it yet?
I have played around a bit with the script, and it's very nice. Your use
of error() and pcall() is different than anything I've seen in NSE
before, but I can see how it works well. I do have a couple questions,
I would like to add a nmap-service-probes fingerprint for quake1
servers, like so:
# Quake1 server info
Probe UDP Quake1_server_info
match quake m|^\x80\x00..\x83([^\x00]*)\x00([^\x00]*)\x00| p/Quake 1
server/ i/address: $1, name: $2/
So my first question is, how confident are you in the upper bound of
26019 for Quake servers? Is this really used that often? Or should this
be limited to 26000-26004 like the Quake 3 probe?
Second, when you set the version information with nmap.set_port_version,
could you be a little more concise? The port.version.name field should
be one word all lowercase, "quake". The port.version.product field
should be something more like "Quake 1 server". The port.version.version
field could probably be reduced by not reporting the exact byte value
("0x03: ") and shortening the description to something like "released".
Regarding the output, I don't have a problem with how you've done it,
though I would have done it differently myself. My only suggestion would
be to remove the unnecessary "Target is running a Quake game server"
heading, but keep the initial 2-space indent. The fact that the script
gave output is proof that it is a Quake server, in addition to the
mention in the SERVICE and VERSION fields.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/