From 5ca15a1dabe805c252a88cd285de488ee470efa7 Mon Sep 17 00:00:00 2001
From: doug <doug@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri, 22 Feb 2008 06:54:59 +0000
Subject: [PATCH] New probe for memcached

---
 nmap-service-probes | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/nmap-service-probes b/nmap-service-probes
index 339ac0f92..8a5e3bd28 100644
--- a/nmap-service-probes
+++ b/nmap-service-probes
@@ -2556,7 +2556,7 @@ match domain m|^\x80\xf0\x80\x12\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAAA
 ##############################NEXT PROBE##############################
 Probe TCP GenericLines q|\r\n\r\n|
 rarity 1
-ports 21,23,35,43,79,98,110,113,119,199,214,264,449,505,510,540,587,616,628,666,731,782,1000,1010,1040-1043,1080,1212,1220,1248,1302,1400,1432,1467,1501,1505,1666,2010,2024,2600,3000,3005,3128,3310,3333,3940,5000,5400,5432,5555,5570,6112,6667-6670,7144,7145,7200,7780,8000,8138,9000-9003,9801,11371,11965,11211,13720,15000,19150,26214,26470,31416,30444,34012,56667
+ports 21,23,35,43,79,98,110,113,119,199,214,264,449,505,510,540,587,616,628,666,731,782,1000,1010,1040-1043,1080,1212,1220,1248,1302,1400,1432,1467,1501,1505,1666,2010,2024,2600,3000,3005,3128,3310,3333,3940,5000,5400,5432,5555,5570,6112,6667-6670,7144,7145,7200,7780,8000,8138,9000-9003,9801,11371,11965,13720,15000,19150,26214,26470,31416,30444,34012,56667
 
 match abc m|^Feedback\nError=You need unique ID to command ABC!| p/ABC Torrent http interface/
 match antivir m|^\0\0\x80\0$| p/drweb anti-virus/
@@ -5615,7 +5615,6 @@ match webster m/^DICTIONARY server protocol:\r\n\r\nContact name is/ p/Webster d
 
 ##############################NEXT PROBE##############################
 Probe TCP SSLSessionReq q|\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\x82{\xb9\xd5\x96\xc8w\x9b\xe6\xc4\xdb<=\xdbo\xef\x10n\0\0(\0\x16\0\x13\0\x0a\0f\0\x05\0\x04\0e\0d\0c\0b\0a\0`\0\x15\0\x12\0\x09\0\x14\0\x11\0\x08\0\x06\0\x03\x01\0|
-match memcache m|^ERROR\r\nERROR\r\n$| p/memcached/
 
 rarity 3
 ports 443,444,548,636,993,1241,1311,2000,4444,5550,7210,7272,8009,9001
@@ -6301,3 +6300,10 @@ Probe TCP HELP4STOMP q|HELP\n\n\0|
 rarity 8
 ports 6163,61613
 match stomp m|^ERROR\nmessage:Unknown STOMP action:.+ org\.apache\.activemq\.|s p/Apache ActiveMQ/
+
+
+# memcached, text mode protocol
+Probe TCP Memcached q|stats\r\n|
+rarity 8
+ports 11211
+match memcached m|^STAT pid (\d+)\r\nSTAT uptime (\d+)\r\n.*?STAT version ([\w_.-]+)\r\n.*?STAT curr_items (\d+)\r\nSTAT total_items (\d+)\r\nSTAT bytes (\d+)\r\n|s p/memcached/ v/$3/ i/PID $1; uptime $2 seconds; curr items: $4; total items: $5; bytes cached: $6/