From 09d8bf81be3f1984aeacb13f5081f5771cc2bb23 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Mon, 12 Feb 2018 04:36:43 +0000
Subject: [PATCH] Send any matching probes after a softmatch; do not filter by rarity
---
 CHANGELOG | 4 ++++
 service_scan.cc | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 8cb981dc7..24da9f937 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 #Nmap Changelog ($Id$); -*-text-*-
+o When a soft match occurs, any probes that could result in a match with the
+ same service will be sent regardless of rarity, improving the chances of
+ matching unusual services on non-standard ports. [Daniel Miller]
+
 o --version-all now turns off the soft match optimization, ensuring that all probes really are sent, even if there aren't any existing match lines for the softmatched service. [Daniel Miller]
diff --git a/service_scan.cc b/service_scan.cc
index b886129b4..c6e3e5943 100644
--- a/service_scan.cc
+++ b/service_scan.cc
@@ -1870,8 +1870,10 @@ bool dropdown = false;
 // version detection intensity level.
 if ((proto == (*current_probe)->getProbeProtocol()) &&
 !(*current_probe)->portIsProbable(tunnel, portno) &&
- (*current_probe)->getRarity() <= o.version_intensity &&
- (!softMatchFound || o.version_intensity >= 9 || (*current_probe)->serviceIsPossible(probe_matched))) {
+ // No softmatch so obey intensity, or
+ ((!softMatchFound && (*current_probe)->getRarity() <= o.version_intensity) ||
+ // Softmatch, so only require service match (no rarity check)
+ (softMatchFound && (o.version_intensity >= 9 || (*current_probe)->serviceIsPossible(probe_matched))))) {
 // Valid, probe. Let's do it!
 return *current_probe;
 }
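Review bot: In the new `softMatchFound` branch of the condition in service_scan.cc, the operator's version-intensity setting no longer limits anything. Once a softmatch exists, any probe for which `serviceIsPossible(probe_matched)` holds is returned whatever `getRarity()` says, including at low intensity settings where the user asked for fewer probes. The CHANGELOG entry shows this is intended, but it means a scan deliberately run at reduced intensity against a fragile or closely monitored host can emit rarer probes than requested. The in-code comment should state that trade-off, e.g. `// Softmatch: intensity cap is deliberately bypassed for probes that can match the softmatched service`. The option documentation, which is outside this patch, presumably needs the same caveat. The enclosing function starts and ends outside the hunk, so whether the lowest intensity settings should remain an exception cannot be judged from these lines.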