Add version detection to quake3-info.nse, from Toni Ruottu.

2025-12-09 06:01:28 +00:00 · 2011-09-26 20:56:45 +00:00
parent 1d84cd8ec0
commit a48b91852c
2 changed files with 23 additions and 2 deletions
--- a/scripts/quake3-info.nse
+++ b/scripts/quake3-info.nse
@@ -57,7 +57,7 @@ Extracts information from a Quake3-like game server.

 author = "Toni Ruottu"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "discovery", "safe"}
+categories = {"default", "discovery", "safe", "version"}

 require "shortport"
 require "stdnse"
@@ -216,6 +216,27 @@ action = function(host, port)

 	local basic, other = assorted(fields)

+	-- Previously observed version strings:
+	-- "tremulous 1.1.0 linux-x86_64 Aug  5 2010"
+	-- "ioq3 1.36+svn1933-1/Ubuntu linux-x86_64 Apr  4 2011"
+	local versionline = basic["version"]
+	if versionline then
+		local fields = stdnse.strsplit(" ", versionline)
+		local product = fields[1]
+		local version = fields[2]
+		local osline = fields[3]
+		port.version.name = "quake3"
+		port.version.product = product
+		port.version.version = version
+		if string.find(osline, "linux") then
+			port.version.ostype = "Linux"
+		end
+		if string.find(osline, "win") then
+			port.version.ostype = "Windows"
+		end
+		nmap.set_port_version(host, port, "hardmatched")
+	end
+
 	local fraglimit = fields["fraglimit"]
 	if not fraglimit then
 		fraglimit = "?"
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -171,7 +171,7 @@ Entry { filename = "pop3-brute.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "pop3-capabilities.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "pptp-version.nse", categories = { "version", } }
 Entry { filename = "qscan.nse", categories = { "discovery", "safe", } }
-Entry { filename = "quake3-info.nse", categories = { "default", "discovery", "safe", } }
+Entry { filename = "quake3-info.nse", categories = { "default", "discovery", "safe", "version", } }
 Entry { filename = "quake3-master-getservers.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "realvnc-auth-bypass.nse", categories = { "auth", "default", "safe", } }
 Entry { filename = "resolveall.nse", categories = { "discovery", "safe", } }