From 523c4f71048a7d97caf2167a00dbd5597b0d73f3 Mon Sep 17 00:00:00 2001 From: david Date: Sat, 12 Mar 2011 18:20:09 +0000 Subject: [PATCH] Remove -sR o.rpcscan handling; make -sR an alias for -sV. --- NmapOps.cc | 6 +--- NmapOps.h | 1 - nmap.cc | 5 ++-- nmap_rpc.cc | 2 +- nmap_rpc.h | 2 +- output.cc | 78 +++++++++++++++++++++++--------------------------- portlist.cc | 16 +++++++++-- portlist.h | 2 +- scan_engine.cc | 2 -- 9 files changed, 57 insertions(+), 57 deletions(-) diff --git a/NmapOps.cc b/NmapOps.cc index 40054859d..1052160ed 100644 --- a/NmapOps.cc +++ b/NmapOps.cc @@ -256,7 +256,7 @@ void NmapOps::Initialize() { version_intensity = 7; pingtype = PINGTYPE_UNKNOWN; listscan = allowall = ackscan = bouncescan = connectscan = 0; - rpcscan = nullscan = xmasscan = fragscan = synscan = windowscan = 0; + nullscan = xmasscan = fragscan = synscan = windowscan = 0; maimonscan = idlescan = finscan = udpscan = ipprotscan = 0; noportscan = noresolve = 0; sctpinitscan = 0; @@ -434,10 +434,6 @@ dialog where you can start NPF if you have administrator privileges."; } - if (numdecoys > 0 && rpcscan) { - error("WARNING: RPC scan currently does not make use of decoys so don't count on that protection"); - } - if (bouncescan && pingtype != PINGTYPE_NONE) log_write(LOG_STDOUT, "Hint: if your bounce scan target hosts aren't reachable from here, remember to use -Pn so we don't try and ping them prior to the scan\n"); diff --git a/NmapOps.h b/NmapOps.h index 43b5ada0b..9933a5ab4 100644 --- a/NmapOps.h +++ b/NmapOps.h @@ -289,7 +289,6 @@ class NmapOps { int ipprotscan; int maimonscan; int nullscan; - int rpcscan; int synscan; int udpscan; int sctpinitscan; diff --git a/nmap.cc b/nmap.cc index 487aaa6a3..6a686c3d6 100644 --- a/nmap.cc +++ b/nmap.cc 
@@ -1185,7 +1185,8 @@ int nmap_main(int argc, char *argv[]) { case 'M': o.maimonscan = 1; break; case 'N': o.nullscan = 1; break; case 'O': o.ipprotscan = 1; break; - case 'R': o.rpcscan = 1; break; + /* Alias for -sV since March 2011. */ + case 'R': o.servicescan = 1; break; case 'S': o.synscan = 1; break; case 'T': o.connectscan = 1; break; case 'U': o.udpscan++; break; @@ -1856,7 +1857,7 @@ int nmap_main(int argc, char *argv[]) { service_scan(Targets); } - if (o.servicescan || o.rpcscan) { + if (o.servicescan) { /* This scantype must be after any TCP or UDP scans since it * get's it's port scan list from the open port list of the current * host rather than port list the user specified. diff --git a/nmap_rpc.cc b/nmap_rpc.cc index ed6524e70..6d14d57d9 100644 --- a/nmap_rpc.cc +++ b/nmap_rpc.cc @@ -1,6 +1,6 @@ /*************************************************************************** - * nmap_rpc.cc -- Functions related to the RPCGrind (-sR) facility of Nmap * + * nmap_rpc.cc -- Functions related to the RPCGrind facility of Nmap. * * This includes reading the nmap-rpc services file and sending rpc * * queries and interpreting responses. The actual scan engine used for * * rpc grinding is pos_scan (which is not in this file) * diff --git a/nmap_rpc.h b/nmap_rpc.h index c22451b99..0f41c8557 100644 --- a/nmap_rpc.h +++ b/nmap_rpc.h @@ -1,6 +1,6 @@ /*************************************************************************** - * nmap_rpc.h -- Functions related to the RPCGrind (-sR) facility of Nmap. * + * nmap_rpc.h -- Functions related to the RPCGrind facility of Nmap. * * This includes reading the nmap-rpc services file and sending rpc * * queries and interpreting responses. The actual scan engine used for * * rpc grinding is pos_scan (which is not in this file) * diff --git a/output.cc b/output.cc index 3e384d80e..d0b325f9b 100644 --- a/output.cc +++ b/output.cc 
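Review bot: The new `case 'R': o.servicescan = 1;` accepts -sR silently, so a user who passes it expecting the old RPC-only grind now gets full version detection on every open port with nothing in the output saying the option's meaning changed; a one-line notice next to the assignment, `log_write(LOG_STDOUT, "-sR is now an alias for -sV.\n");`, would make that visible (log_write/LOG_STDOUT are already used in NmapOps.cc). The comment `/* Alias for -sV since March 2011. */` is dated rather than explanatory; `/* -sR (RPC scan) is an alias for -sV: RPC grinding now only runs as part of version detection. */` states the relationship that the second hunk's `if (o.servicescan)` gate depends on, assuming that is indeed the only remaining path into the RPC grinder. nmap_main continues outside both hunks.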
@@ -230,7 +230,7 @@ static void print_xml_service(const struct serviceDeductions *sd) { xml_attribute("method", "%s", (sd->dtype == SERVICE_DETECTION_TABLE) ? "table" : "probed"); xml_attribute("conf", "%i", sd->name_confidence); - if (o.rpcscan && sd->rpc_status == RPC_STATUS_GOOD_PROG) { + if (sd->rpc_status == RPC_STATUS_GOOD_PROG) { xml_attribute("rpcnum", "%li", sd->rpc_program); xml_attribute("lowver", "%i", sd->rpc_lowver); xml_attribute("highver", "%i", sd->rpc_highver); @@ -595,7 +595,7 @@ void printportoutput(Target *currenths, PortList *plist) { servicecol = colno++; if (o.reason) reasoncol = colno++; - if (o.servicescan || o.rpcscan) + if (o.servicescan) versioncol = colno++; numrows = numports - numignoredports; 
@@ -687,48 +687,42 @@ void printportoutput(Target *currenths, PortList *plist) { if (sd.service_fp && saved_servicefps.size() <= 8) saved_servicefps.push_back(sd.service_fp); - if (o.rpcscan) { - switch (sd.rpc_status) { - case RPC_STATUS_UNTESTED: - rpcinfo[0] = '\0'; - strcpy(rpcmachineinfo, ""); - break; - case RPC_STATUS_UNKNOWN: - strcpy(rpcinfo, "(RPC (Unknown Prog #))"); - strcpy(rpcmachineinfo, "R"); - break; - case RPC_STATUS_NOT_RPC: - rpcinfo[0] = '\0'; - strcpy(rpcmachineinfo, "N"); - break; - case RPC_STATUS_GOOD_PROG: - name = nmap_getrpcnamebynum(sd.rpc_program); - Snprintf(rpcmachineinfo, sizeof(rpcmachineinfo), - "(%s:%li*%i-%i)", (name) ? name : "", sd.rpc_program, - sd.rpc_lowver, sd.rpc_highver); - if (!name) { - Snprintf(rpcinfo, sizeof(rpcinfo), "(#%li (unknown) V%i-%i)", - sd.rpc_program, sd.rpc_lowver, sd.rpc_highver); - } else { - if (sd.rpc_lowver == sd.rpc_highver) { - Snprintf(rpcinfo, sizeof(rpcinfo), "(%s V%i)", name, - sd.rpc_lowver); - } else - Snprintf(rpcinfo, sizeof(rpcinfo), "(%s V%i-%i)", name, - sd.rpc_lowver, sd.rpc_highver); - } - break; - default: - fatal("Unknown rpc_status %d", sd.rpc_status); - break; + switch (sd.rpc_status) { + case RPC_STATUS_UNTESTED: + rpcinfo[0] = '\0'; + strcpy(rpcmachineinfo, ""); + break; + case RPC_STATUS_UNKNOWN: + strcpy(rpcinfo, "(RPC (Unknown Prog #))"); + strcpy(rpcmachineinfo, "R"); + break; + case RPC_STATUS_NOT_RPC: + rpcinfo[0] = '\0'; + strcpy(rpcmachineinfo, "N"); + break; + case RPC_STATUS_GOOD_PROG: + name = nmap_getrpcnamebynum(sd.rpc_program); + Snprintf(rpcmachineinfo, sizeof(rpcmachineinfo), + "(%s:%li*%i-%i)", (name) ? 
name : "", sd.rpc_program, + sd.rpc_lowver, sd.rpc_highver); + if (!name) { + Snprintf(rpcinfo, sizeof(rpcinfo), "(#%li (unknown) V%i-%i)", + sd.rpc_program, sd.rpc_lowver, sd.rpc_highver); + } else { + if (sd.rpc_lowver == sd.rpc_highver) { + Snprintf(rpcinfo, sizeof(rpcinfo), "(%s V%i)", name, + sd.rpc_lowver); + } else + Snprintf(rpcinfo, sizeof(rpcinfo), "(%s V%i-%i)", name, + sd.rpc_lowver, sd.rpc_highver); } - Snprintf(serviceinfo, sizeof(serviceinfo), "%s%s%s", - (sd.name) ? sd.name : ((*rpcinfo) ? "" : "unknown"), - (sd.name) ? " " : "", rpcinfo); - } else { - current->getNmapServiceName(serviceinfo, sizeof(serviceinfo)); - rpcmachineinfo[0] = '\0'; + break; + default: + fatal("Unknown rpc_status %d", sd.rpc_status); + break; } + current->getNmapServiceName(serviceinfo, sizeof(serviceinfo), rpcinfo); + Tbl->addItem(rowno, portcol, true, portinfo); Tbl->addItem(rowno, statecol, false, state); Tbl->addItem(rowno, servicecol, true, serviceinfo); diff --git a/portlist.cc b/portlist.cc index d6b30b9f3..a3f672956 100644 --- a/portlist.cc +++ b/portlist.cc @@ -141,7 +141,7 @@ void Port::freeService() { Name nmap normal output will use to describe the port. This takes into account to confidence level, any SSL tunneling, etc. Truncates namebuf to 0 length if there is no room.*/ -void Port::getNmapServiceName(char *namebuf, int buflen) const { +void Port::getNmapServiceName(char *namebuf, int buflen, const char *rpcinfo) const { const char *tunnel_prefix; const char *service_name; int len; 
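Review bot: The `switch (sd.rpc_status)` now runs for every printed port, including runs with no version detection at all, and its `default:` branch still calls `fatal("Unknown rpc_status %d", ...)`; previously the `o.rpcscan` gate kept plain port scans away from it. That is only safe if serviceDeductions always initialises rpc_status to RPC_STATUS_UNTESTED — the constructor is not in this diff, so worth confirming, since otherwise normal output of an ordinary scan would abort. A quieter change: for a port with no sd.name but a recognised RPC program the old branch printed just rpcinfo (`(sd.name) ? sd.name : ((*rpcinfo) ? "" : "unknown")`), whereas getNmapServiceName() appears to emit `unknown` first and then the suffix, so the SERVICE column reads `unknown (prog V1-2)` instead of `(prog V1-2)`; if that is intended it deserves a sentence in the commit message, since grepable/normal output consumers may key on it. printportoutput continues outside the hunk on both sides.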
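Review bot: The doc comment above `Port::getNmapServiceName` still describes the two-argument form and says nothing about the new `rpcinfo` parameter, including that NULL is accepted. Append a sentence such as `rpcinfo, if non-NULL and non-empty, is appended to the name after a single space.` so callers know it is optional and how it is formatted. The function body continues in the next hunk.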
@@ -172,8 +172,20 @@ void Port::getNmapServiceName(char *namebuf, int buflen) const { } else { len = Snprintf(namebuf, buflen, "%sunknown", tunnel_prefix); } - if (len >= buflen || len < 0) + if (len >= buflen || len < 0) { namebuf[0] = '\0'; + return; + } + + if (rpcinfo != NULL && rpcinfo[0] != '\0') { + namebuf += len; + buflen -= len; + len = Snprintf(namebuf, buflen, " %s", rpcinfo); + if (len >= buflen || len < 0) { + namebuf[0] = '\0'; + return; + } + } } serviceDeductions::serviceDeductions() { diff --git a/portlist.h b/portlist.h index 4173b421e..1769acc25 100644 --- a/portlist.h +++ b/portlist.h @@ -178,7 +178,7 @@ class Port { public: Port(); void freeService(); - void getNmapServiceName(char *namebuf, int buflen) const; + void getNmapServiceName(char *namebuf, int buflen, const char *rpcinfo) const; u16 portno; u8 proto; diff --git a/scan_engine.cc b/scan_engine.cc index b16e6b196..e1e155e44 100644 --- a/scan_engine.cc +++ b/scan_engine.cc @@ -5482,8 +5482,6 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) { // When service scan is in use, we only want to scan ports that have already // been determined to be RPC - if (!o.servicescan) - break; // We do all open ports if no service scan if (!rsi.rpc_current_port) break; // done! target->ports.getServiceDeductions(rsi.rpc_current_port->portno, rsi.rpc_current_port->proto, &sd);
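Review bot: On the inner failure path, `namebuf[0] = '\0';` writes through the already-advanced pointer (`namebuf += len;`), so when the rpcinfo suffix does not fit the caller gets the bare service name rather than the empty string the function's comment promises ("Truncates namebuf to 0 length if there is no room"). Either behaviour is defensible, but code and comment should agree: to keep the documented contract, add `char *const start = namebuf;` before `namebuf += len;` and write `start[0] = '\0';` in the inner branch; otherwise update the comment to say a non-fitting suffix is dropped and the service name kept. The bounds handling itself is sound — the early return guarantees `len <= buflen - 1`, so the second Snprintf always has at least one byte for its terminator. getNmapServiceName starts outside this hunk.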
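Review bot: Adding a third parameter to `getNmapServiceName` without a default turns every caller into a compile error until it is updated, and this diff updates only the one in printportoutput. If other callers exist outside the diff (not visible here), `void getNmapServiceName(char *namebuf, int buflen, const char *rpcinfo = NULL) const;` keeps them building with the old behaviour, since the implementation already treats NULL as "no suffix".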
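Review bot: With `if (!o.servicescan) break;` gone, the comment that precedes it, `// When service scan is in use, we only want to scan ports that have already been determined to be RPC`, describes a condition the code no longer tests, and the removed trailing comment `// We do all open ports if no service scan` was the only statement of the other case. If pos_scan's RPC mode is now reached only from the service-scan path — which the `if (o.servicescan)` gate in nmap.cc suggests — rewrite it as `// RPC grinding now runs only under version detection, so restrict it to ports already identified as RPC`; if it can still be entered another way, the remaining `if (!rsi.rpc_current_port) break;` silently changes that case from "all open ports" to "nothing". pos_scan continues outside the hunk.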