Nmap Development mailing list archives

Re: [NSE] TN3270 version script


From: Andrew Jason Farabee <afarabee () uci edu>
Date: Fri, 28 Aug 2015 11:01:19 -0700

On Wed, Aug 26, 2015 at 11:30 AM, Phil <mainframed767 () gmail com> wrote:
> Hi,
>
> This script enhances the version detection for mainframes (or others, but mostly mainframes) running TN3270 and appropriately identifies ports which support TN3270 (either through IAC DO TN3270E or through the more common IAC SEND TTYPE).
>
> Output:
> PORT    STATE SERVICE    VERSION
> 23/tcp  open  tn3270     Telnet TN3270
> 992/tcp open  ssl/tn3270 Telnet TN3270 w/SSL
>
> This is my first NSE script submission so let me know if there’s anything I’ve missed or need to change.

This looks good to me as an NSE script, I'm not too familiar with
service version detection stuff but there seem to be plenty of other
NSE scripts that do similar things for other services
(jdwp-version.nse, pptp-version.nse, etc).

Maybe it could include an agreed upon nmap.version_intensity() check
in portrule?  A telnet connection might be considered aggressive, and
the portrule checks are casting a pretty wide net.  As far as I can
tell it's currently running this against pretty much any port running
an unknown service.

Also none of the other NSE version scripts use stdnse.verbose() and
only 2 of them (rpc-grind and netbus-version) use debug or debug1, so
these might not be appropriate for a version detection script.

Can someone else who knows a bit more about version detection weigh in on this?

Thanks for submitting your work!






_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
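
The portrule check suggested in the reply above, as an added example that is not part of the thread or of the submitted script. The rarity value, the candidate service names and the choice to narrow matching to ports 23 and 992 (taken from the sample output) are assumptions; the fragment is meant to sit in a version-category NSE script alongside its own action function.

```lua
local nmap = require "nmap"
local shortport = require "shortport"

-- Hypothetical rarity for this probe. 7 is Nmap's default version
-- intensity, so the script still runs under a plain -sV but is skipped
-- when the user asks for a lighter scan (e.g. --version-light, which is 2).
local RARITY = 7

-- Candidate ports come from the sample output in the thread; the service
-- names are assumptions about what -sV may already have labelled.
local candidate = shortport.port_or_service(
  {23, 992}, {"telnet", "tn3270"}, "tcp", "open")

portrule = function(host, port)
  -- Respect the intensity the user selected before opening a telnet
  -- connection to the target.
  if nmap.version_intensity() < RARITY then
    return false
  end

  -- Honour the Exclude directive in nmap-service-probes, as other
  -- version scripts do.
  if nmap.port_is_excluded(port.number, port.protocol) then
    return false
  end

  -- Only probe ports that plausibly speak telnet/TN3270 rather than
  -- every port with an unidentified service.
  return candidate(host, port)
end
```

shortport.version_port_or_service() takes a rarity argument and bundles the intensity and exclusion checks into a single call, if the explicit form is not needed.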