Let skypev2-version inspect service fingerprint

Saves up to 2 requests per service for otherwise unmatched services
2025-12-10 09:49:05 +00:00 · 2015-02-05 04:17:56 +00:00
parent bf58512bec
commit 24f88f9b83
1 changed files with 36 additions and 10 deletions
--- a/scripts/skypev2-version.nse
+++ b/scripts/skypev2-version.nse
@@ -2,6 +2,7 @@ local comm = require "comm"
 local nmap = require "nmap"
 local shortport = require "shortport"
 local string = require "string"
+local U = require "lpeg-utility"

 description = [[
 Detects the Skype version 2 service.
@@ -28,22 +29,47 @@ portrule = function(host, port)
 end

 action = function(host, port)
-  local status, result = comm.exchange(host, port,
-    "GET / HTTP/1.0\r\n\r\n", {bytes=26, proto=port.protocol})
-  if (not status) then
-    return
+  local result, rand
+  -- Did the service engine already do the hard work?
+  if port.version and port.version.service_fp then
+    -- Probes sent, replies received, but no match.
+    result = U.get_response(port.version.service_fp, "GetRequest")
+    -- Loop through the ASCII probes most likely to receive random response
+    -- from Skype. Others will also recieve this response, but are harder to
+    -- distinguish from an echo service.
+    for _, p in ipairs({"HTTPOptions", "RTSPRequest"}) do
+      rand = U.get_response(port.version.service_fp, p)
+      if rand then
+        break
+      end
+    end
  end
+  local status
+  if not result then
+    -- Have to send the probe ourselves.
+    status, result = comm.exchange(host, port,
+      "GET / HTTP/1.0\r\n\r\n", {bytes=26, proto=port.protocol})
+
+    if (not status) then
+      return nil
+    end
+  end
+
  if (result ~= "HTTP/1.0 404 Not Found\r\n\r\n") then
    return
  end
-  -- So far so good, now see if we get random data for another request
-  status, result = comm.exchange(host, port,
-    "random data\r\n\r\n", {bytes=15, proto=port.protocol})

-  if (not status) then
-    return
+  -- So far so good, now see if we get random data for another request
+  if not rand then
+    status, rand = comm.exchange(host, port,
+      "random data\r\n\r\n", {bytes=15, proto=port.protocol})
+
+    if (not status) then
+      return
+    end
  end
-  if string.match(result, "[^%s!-~].*[^%s!-~].*[^%s!-~]") then
+
+  if string.match(rand, "[^%s!-~].*[^%s!-~].*[^%s!-~]") then
    -- Detected
    port.version.name = "skype2"
    port.version.product = "Skype"