mailing list archives
From: Ulrik Haugen <qha () lysator liu se>
Date: Fri, 07 Mar 2014 00:45:48 +0100
Daniel Miller <bonsaiviking () gmail com> wrote:
On 03/05/2014 02:50 PM, Ulrik Haugen wrote:
I have played around a bit with the script, and it's very nice. Your
use of error() and pcall() is different than anything I've seen in NSE
before, but I can see how it works well. I do have a couple questions,
I would like to add a nmap-service-probes fingerprint for quake1
servers, like so:
# Quake1 server info
Probe UDP Quake1_server_info
match quake m|^\x80\x00..\x83([^\x00]*)\x00([^\x00]*)\x00| p/Quake 1
server/ i/address: $1, name: $2/
So my first question is, how confident are you in the upper bound of
26019 for Quake servers? Is this really used that often? Or should
this be limited to 26000-26004 like the Quake 3 probe?
26000 through 26004 is probably fine, looking at
http://www.quakeservers.net/quake/servers/ it seems the vast majority of
servers is on 26000 and then it drops of rather quickly...
I've changed the portrule too. On this subject though, is there a way to
run a script on another set of ports except changing its portrule?
Second, when you set the version information with
nmap.set_port_version, could you be a little more concise? The
port.version.name field should be one word all lowercase, "quake". The
port.version.product field should be something more like "Quake 1
server". The port.version.version field could probably be reduced by
not reporting the exact byte value ("0x03: ") and shortening the
description to something like "released".
Regarding the output, I don't have a problem with how you've done it,
though I would have done it differently myself. My only suggestion
would be to remove the unnecessary "Target is running a Quake game
server" heading, but keep the initial 2-space indent. The fact that
the script gave output is proof that it is a Quake server, in addition
to the mention in the SERVICE and VERSION fields.
Sure, i've pruned these strings.
Updated version attached.
Description: Updated script
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/