Make sure to use version_intensity checks for version category scripts

2025-12-06 04:31:29 +00:00 · 2017-07-27 18:21:09 +00:00
parent 091eddf76f
commit 590618261c
7 changed files with 13 additions and 6 deletions
--- a/scripts/bacnet-info.nse
+++ b/scripts/bacnet-info.nse
@@ -60,7 +60,7 @@ categories = {"discovery", "version"}
 --
 --

-portrule = shortport.port_or_service(47808, "bacnet", {"udp","tcp"})
+portrule = shortport.version_port_or_service(47808, "bacnet", {"udp","tcp"})

 ---
 --  Table to look up the Vendor Name based on Vendor ID
--- a/scripts/fingerprint-strings.nse
+++ b/scripts/fingerprint-strings.nse
@@ -43,6 +43,8 @@ categories = {"version"}

 portrule = function (host, port)
  -- Run for any port that has a service fingerprint indicating an unknown service
+  -- OK to run at any version intensity (e.g. not checking nmap.version_intensity)
+  -- because no traffic is sent and lower intensity is more likely to not match.
  return port.version and port.version.service_fp
 end

--- a/scripts/fox-info.nse
+++ b/scripts/fox-info.nse
@@ -52,7 +52,7 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 categories = {"discovery", "version"}


-portrule = shortport.port_or_service({1911, 4911}, "niagara-fox", "tcp")
+portrule = shortport.version_port_or_service({1911, 4911}, "niagara-fox", "tcp")

 --  Action Function that is used to run the NSE. This function will send the
 --  initial query to the host and port that were passed in via nmap. The
--- a/scripts/hnap-info.nse
+++ b/scripts/hnap-info.nse
@@ -60,7 +60,9 @@ categories = {
 }


-portrule = shortport.http
+portrule = function(host, port)
+  return (shortport.http(host,port) and nmap.version_intensity() >= 7)
+end

 local ELEMENTS = {["Type"] = "Type",
 ["DeviceName"] = "Device",
--- a/scripts/omron-info.nse
+++ b/scripts/omron-info.nse
@@ -51,7 +51,7 @@ categories = {"discovery", "version"}
 -- Function to define the portrule as per nmap standards
 --
 --
-portrule = shortport.port_or_service(9600, "fins", {"tcp", "udp"})
+portrule = shortport.version_port_or_service(9600, "fins", {"tcp", "udp"})

 ---
 --  Function to set the nmap output for the host, if a valid OMRON FINS packet
--- a/scripts/rpcinfo.nse
+++ b/scripts/rpcinfo.nse
@@ -81,7 +81,10 @@ categories = {"discovery", "default", "safe", "version"}


 -- don't match "rpcbind" because that's what version scan labels any RPC service
-portrule = shortport.portnumber(111, {"tcp", "udp"} )
+portrule = function(host, port)
+  return nmap.version_intensity() >= 7 and
+  shortport.portnumber(111, {"tcp", "udp"})(host, port)
+end

 action = function(host, port)

--- a/scripts/s7-info.nse
+++ b/scripts/s7-info.nse
@@ -50,7 +50,7 @@ categories = {"discovery", "version"}


 -- port rule for devices running on TCP/102
-portrule = shortport.port_or_service(102, "iso-tsap", "tcp")
+portrule = shortport.version_port_or_service(102, "iso-tsap", "tcp")

 ---
 -- Function to send and receive the S7COMM Packet