From 24f88f9b83bef9a6b6cfb144cc6be62f4475746c Mon Sep 17 00:00:00 2001
From: dmiller
Date: Thu, 5 Feb 2015 04:17:56 +0000
Subject: [PATCH] Let skypev2-version inspect service fingerprint

Saves up to 2 requests per service for otherwise unmatched services
---
 scripts/skypev2-version.nse | 46 +++++++++++++++++++++++++++++--------
 1 file changed, 36 insertions(+), 10 deletions(-)

diff --git a/scripts/skypev2-version.nse b/scripts/skypev2-version.nse
index d93d61046..c697b620d 100644
--- a/scripts/skypev2-version.nse
+++ b/scripts/skypev2-version.nse
@@ -2,6 +2,7 @@ local comm = require "comm"
 local nmap = require "nmap"
 local shortport = require "shortport"
 local string = require "string"
+local U = require "lpeg-utility"
 description = [[
 Detects the Skype version 2 service.
@@ -28,22 +29,47 @@ portrule = function(host, port)
 end
 action = function(host, port)
- local status, result = comm.exchange(host, port,
- "GET / HTTP/1.0\r\n\r\n", {bytes=26, proto=port.protocol})
- if (not status) then
- return
+ local result, rand
+ -- Did the service engine already do the hard work?
+ if port.version and port.version.service_fp then
+ -- Probes sent, replies received, but no match.
+ result = U.get_response(port.version.service_fp, "GetRequest")
+ -- Loop through the ASCII probes most likely to receive random response
+ -- from Skype. Others will also recieve this response, but are harder to
+ -- distinguish from an echo service.
+ for _, p in ipairs({"HTTPOptions", "RTSPRequest"}) do
+ rand = U.get_response(port.version.service_fp, p)
+ if rand then
+ break
+ end
+ end
 end
+ local status
+ if not result then
+ -- Have to send the probe ourselves.
+ status, result = comm.exchange(host, port,
+ "GET / HTTP/1.0\r\n\r\n", {bytes=26, proto=port.protocol})
+
+ if (not status) then
+ return nil
+ end
+ end
+
 if (result ~= "HTTP/1.0 404 Not Found\r\n\r\n") then
 return
 end
- -- So far so good, now see if we get random data for another request
- status, result = comm.exchange(host, port,
- "random data\r\n\r\n", {bytes=15, proto=port.protocol})
- if (not status) then
- return
+ -- So far so good, now see if we get random data for another request
+ if not rand then
+ status, rand = comm.exchange(host, port,
+ "random data\r\n\r\n", {bytes=15, proto=port.protocol})
+
+ if (not status) then
+ return
+ end
 end
- if string.match(result, "[^%s!-~].*[^%s!-~].*[^%s!-~]") then
+
+ if string.match(rand, "[^%s!-~].*[^%s!-~].*[^%s!-~]") then
 -- Detected
 port.version.name = "skype2"
 port.version.product = "Skype"
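Review bot: The exact comparison `result ~= "HTTP/1.0 404 Not Found\r\n\r\n"` now also runs against the fingerprint-captured GetRequest response, and nothing in the hunk shows that the service engine's capture is bounded to the same 26 bytes the live `comm.exchange` path asks for; if the recorded response carries anything beyond the status line and blank line, the script returns early without ever sending its own probe, which the pre-patch code always did. If that is intentional (the fingerprint is treated as authoritative so the requests are saved), a comment above the check would make it explicit, e.g. `-- Fingerprint replies are trusted as-is; no live probe is retried on mismatch.` The added comment on the probe loop also misspells `recieve` (should be `receive`), and the new `return nil` differs from the bare `return` used a few lines later for the same failed-exchange condition. The body of `action` continues past the end of the hunk.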