diff --git a/nse_nmaplib.cc b/nse_nmaplib.cc
index bbf500305..3a1f913f2 100644
--- a/nse_nmaplib.cc
+++ b/nse_nmaplib.cc
@@ -634,6 +634,38 @@ static int l_new_try (lua_State *L)
return 1;
}
+static int l_get_version_intensity (lua_State *L)
+{
+ static int intensity = -1;
+
+ if (intensity < 0) {
+ int is_script_intensity_set;
+ int script_intensity;
+
+ lua_getglobal(L, "nmap");
+ lua_getfield(L, -1, "registry");
+ lua_getfield(L, -1, "args");
+ lua_getfield(L, -1, "script-intensity");
+
+ script_intensity = lua_tointegerx(L, lua_gettop(L), &is_script_intensity_set);
+
+ lua_pop(L, 4);
+
+ if (is_script_intensity_set) {
+ if (script_intensity < 0 || script_intensity > 9)
+ error("Warning: Valid values of script arg script-intensity are between "
+ "0 and 9. Using %d nevertheless.\n", script_intensity);
+ intensity = script_intensity;
+ } else {
+ intensity = o.version_intensity;
+ }
+ }
+
+ lua_pushnumber(L, intensity);
+
+ return 1;
+}
+
static int l_get_verbosity (lua_State *L)
{
int verbosity;
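Review bot: In `l_get_version_intensity`, a negative `script-intensity` is copied into the static `intensity`, so the `if (intensity < 0)` cache test stays true and every later call walks the registry again and reprints the warning. The out-of-range branch also keeps the rejected value ("Using %d nevertheless"), so a value above 9 satisfies any rarity comparison a script makes, and a negative one fails all of them. Falling back to the scan-wide setting avoids both problems: `intensity = (script_intensity < 0 || script_intensity > 9) ? o.version_intensity : script_intensity;`, with the warning text changed to match. The `lua_getfield` chain also assumes `nmap.registry.args` is already a table when this is first called; that is not visible in this hunk and is worth confirming. A short comment on the function should state that the result is computed once and cached for the rest of the run.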
@@ -912,6 +944,7 @@ int luaopen_nmap (lua_State *L)
{"clock", l_clock},
{"log_write", l_log_write},
{"new_try", l_new_try},
+ {"version_intensity", l_get_version_intensity},
{"verbosity", l_get_verbosity},
{"debugging", l_get_debugging},
{"have_ssl", l_get_have_ssl},
diff --git a/nselib/shortport.lua b/nselib/shortport.lua
index 6658c39eb..40b73c999 100644
--- a/nselib/shortport.lua
+++ b/nselib/shortport.lua
@@ -128,26 +128,32 @@ end
--- Return a portrule that returns true when given an open port matching
-- either a port number or service name and has not been listed in the
--- exclude port directive of the nmap-service-probes file.
+-- exclude port directive of the nmap-service-probes file. If version
+-- intensity is lesser than rarity value, portrule always returns false.
--
-- This function is a combination of the port_is_excluded
-- and port_or_service functions. The port, service, proto may
-- be single values or a list of values as in those functions.
-- This function can be used by version category scripts to check if a
--- given port and its protocol are in the exclude directive.
+-- given port and its protocol are in the exclude directive and that version
+-- intensity is greater than or equal to the rarity value of the script.
-- @usage portrule = shortport.version_port_or_service(22)
-- @usage portrule = shortport.version_port_or_service(nil, "ssh", "tcp")
+-- @usage portrule = shortport.version_port_or_service(nil, nil, "tcp", nil, 8)
-- @param services Service name or a list of names to run against.
-- @param protos The protocol or list of protocols to match against, default
-- "tcp".
-- @param states A state or list of states to match against, default
-- {"open", "open|filtered"}.
+-- @param rarity A minimum value of version script intensity, below
+-- which the function always returns false, default 7.
-- @return Function for the portrule.
-version_port_or_service = function(ports, services, protos, states)
+version_port_or_service = function(ports, services, protos, states, rarity)
return function(host, port)
local p_s_check = port_or_service(ports, services, protos, states)
return p_s_check(host, port)
and not(port_is_excluded(port.number, port.protocol))
+ and (nmap.version_intensity() >= (rarity or 7))
end
end
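Review bot: `rarity` is used unchecked in `nmap.version_intensity() >= (rarity or 7)`, so a caller that passes a non-number (for instance a string read from a script argument) gets a comparison error on every portrule evaluation rather than once when the rule is built. Normalising it in the outer function, `local min_intensity = tonumber(rarity) or 7`, and comparing against `min_intensity` inside the closure keeps the gate predictable. The added line also relies on `nmap` being in scope in shortport.lua, which this hunk does not show. In the doc comment, "lesser than" should read "lower than", the `@param rarity` text could state the expected 0 to 9 range, and the `@param` list still has no entry for `ports`.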