Nmap Development mailing list archives

Re: script for virtual host discovery


From: Martin Holst Swende <martin () swende se>
Date: Thu, 04 Nov 2010 20:41:42 +0100

On 11/04/2010 12:14 AM, Carlos Pantelides wrote:
7)
For the portrule, just use
    portrule = shortport.http
My idea is that as you may be searching services outside their normal ports, you can get http and https regardless of 
what you asked to nmap. If you want to restrict http-vhosts to http or https via script args, shortport can not deal 
with that, unless there is something I've missed. 
shortport.http includes http found on any port, not just standard ports.
It does imply that the service *has* been identified via service detection.

That is the reason of a previous shameful mail of mine (http://seclists.org/nmap-dev/2010/q4/134). Since then I been 
modifying the code of service_scan.cc and discovered that my best optimization regarding only identifying selected 
services run as fast (or slow) as --version-intensity 0. We can continue with this later in another thread.

That question is a pretty good one, and I think I have floated similar
questions. I think the best way would be by using a modified
nmap-service-probes which only contains the service you are interested in. 

Regards
/Martin
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Current thread: