Nmap Development mailing list archives

Re: Fwd: hadoop and hbase information gathering

From: David Fifield <david () bamsoftware com>
Date: Wed, 9 Nov 2011 18:16:48 -0800

On Wed, Nov 09, 2011 at 08:32:08PM +0100, John Bond wrote:

On 1 November 2011 04:52, David Fifield <david () bamsoftware com>
wrote:> On Sun, Oct 30, 2011 at 10:46:33AM +0100, John Bond wrote:>>
On 14 October 2011 00:14, John Bond <john.r.bond () gmail com> wrote:>>
Okay. I can see the reason for this. All these different scripts run>
against different ports, but they are all HTTP. Patrick found that
his> university's Hadoop ran on different ports than the default.>>
Using shortport.http should take these scripts out of default, I
think,> because they will only get a response from a minority of web
servers. I> might even modify the rule to be "got a service match for
HTTP, but it> is *not* running on a common HTTP port." Then it could
be default again.

Ok i think i get what you mean i have updated the
port rule to us the following
portrule = function(host, port)
        local force = stdnse.get_script_args('hadoop-info.force')
        if not force then
                return shortport.http and port.number ~= 80 and port.number ~= 443
        else
                return true
        end
end


This is pretty close. (But you need shortport.http(host, port), not just
shortport.http, which is always true because it is a function value.)
What shortport.http is doing is
        (service match OR port match)
What we want is
        (service match AND NOT port match)
So what you've written is essentially
        (service match OR port match) AND NOT port match
        = (service match AND NOT port match) OR (port match AND NOT port match)
        = (service match AND NOT port match)
But I think it should include all the port numbers that shortport.http
knows about. In don't want the list of ports copied into every hadoop
script. Instead can you edit shortport.lua to have public
LIKELY_HTTP_SERVICES and LIKELY_HTTP_PORTS, and then rewrite the
portrules to use those?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: hadoop and hbase information gathering, (continued)
- Re: hadoop and hbase information gathering David Fifield (Oct 12)
  - Message not available
    - Fwd: hadoop and hbase information gathering John Bond (Oct 12)
    - Re: Fwd: hadoop and hbase information gathering David Fifield (Oct 13)
    - Re: Fwd: hadoop and hbase information gathering Patrick Donnelly (Oct 13)
    - Re: Fwd: hadoop and hbase information gathering Patrick Donnelly (Oct 13)
    - Re: Fwd: hadoop and hbase information gathering John Bond (Oct 13)
    - Re: Fwd: hadoop and hbase information gathering John Bond (Oct 30)
    - Re: Fwd: hadoop and hbase information gathering David Fifield (Oct 31)
    - Re: Fwd: hadoop and hbase information gathering David Fifield (Nov 08)
    - Re: Fwd: hadoop and hbase information gathering John Bond (Nov 09)
    - Re: Fwd: hadoop and hbase information gathering David Fifield (Nov 09)