Nmap Development mailing list archives

Re: quake-server-info.nse
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 06 Mar 2014 16:34:13 -0600

On 03/05/2014 02:50 PM, Ulrik Haugen wrote:
> Did you get a chance to try it yet?

I have played around a bit with the script, and it's very nice. Your use of error() and pcall() is different than anything I've seen in NSE before, but I can see how it works well. I do have a couple of questions, though:

I would like to add an nmap-service-probes fingerprint for quake1 servers, like so:

# Quake1 server info
Probe UDP Quake1_server_info q|\x80\x00\x00\x0c\x02\x51\x55\x41\x4b\x45\x00\x03|
rarity 9
ports 26000-26019
match quake m|^\x80\x00..\x83([^\x00]*)\x00([^\x00]*)\x00| p/Quake 1 server/ i/address: $1, name: $2/

So my first question is, how confident are you in the upper bound of 26019 for Quake servers? Is this really used that often? Or should this be limited to 26000-26004 like the Quake 3 probe?

Second, when you set the version information with nmap.set_port_version, could you be a little more concise? The port.version.name field should be one word all lowercase, "quake". The port.version.product field should be something more like "Quake 1 server". The port.version.version field could probably be reduced by not reporting the exact byte value ("0x03: ") and shortening the description to something like "released".

Regarding the output, I don't have a problem with how you've done it, though I would have done it differently myself. My only suggestion would be to remove the unnecessary "Target is running a Quake game server" heading, but keep the initial 2-space indent. The fact that the script gave output is proof that it is a Quake server, in addition to the mention in the SERVICE and VERSION fields.

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
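
Added example, not part of the original message or of Nmap's own code: a quick way to check the proposed probe and match line before committing them. Python's re module stands in for Nmap's regex engine, and the reply layout, the helper names and the sample address and server name are assumptions constructed for illustration.

```python
import re
import struct

# Probe string from the message, written as Python bytes.
PROBE = b"\x80\x00\x00\x0c\x02QUAKE\x00\x03"

# Pattern from the proposed match line (Python re standing in for Nmap's
# regex engine, which is an assumption of this example).
MATCH = re.compile(rb"^\x80\x00..\x83([^\x00]*)\x00([^\x00]*)\x00")


def split_header(packet):
    """Return (flags, length, opcode) from the first 5 bytes of a packet."""
    flags, length, opcode = struct.unpack(">HHB", packet[:5])
    return flags, length, opcode


def build_reply(address, name, trailer=b""):
    """Construct a reply (assumed layout): header, 0x83, two C strings."""
    body = b"\x83" + address + b"\x00" + name + b"\x00" + trailer
    return struct.pack(">HH", 0x8000, 4 + len(body)) + body


def fingerprint(reply):
    """Apply the match line; return the i// info text, or None if no match."""
    m = MATCH.search(reply)
    if m is None:
        return None
    address, name = (g.decode("latin-1") for g in m.groups())
    return f"address: {address}, name: {name}"


if __name__ == "__main__":
    # The 16-bit length in the probe equals the probe's own size (12 bytes).
    print(split_header(PROBE), len(PROBE))
    # Constructed sample values, not captured from a real server.
    print(fingerprint(build_reply(b"192.0.2.10:26000", b"Example Server")))
    # Constructed reply padded so its length field is 0x010a: "." does not
    # match byte 0x0a unless the match line carries the "s" flag (m|...|s),
    # so this one is not recognised.
    print(fingerprint(build_reply(b"192.0.2.10:26000", b"x" * 243)))
```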
