PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 22:21:29 +00:00
Code Issues Projects Releases Wiki Activity

Move service fingerprint unwrapping code from scripts to lpeg-utility

Browse Source
This commit is contained in:
dmiller
2015-02-05 04:17:54 +00:00
parent 29174ba87d
commit bf58512bec
3 changed files with 36 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
scripts/http-server-header.nse
View File

@@ -4,7 +4,6 @@ local table = require "table"
local shortport = require "shortport"
local nmap = require "nmap"
local stdnse = require "stdnse"
local lpeg = require "lpeg"
local U = require "lpeg-utility"
description = [[
@@ -37,43 +36,15 @@ portrule = function(host, port)
return (shortport.http(host,port) and nmap.version_intensity() >= 7)
end
-- Cache the returned pattern
local getquote = U.escaped_quote()
-- Substitution pattern to unescape a string
local unescape = lpeg.P {
-- Substitute captures
lpeg.Cs((lpeg.V "simple_char" + lpeg.V "unesc")^0),
-- Escape char is '\'
esc = lpeg.P "\\",
-- Simple char is anything but escape char
simple_char = lpeg.P(1) - lpeg.V "esc",
-- If we hit an escape, process specials or hex code, otherwise remove the escape
unesc = (lpeg.V "esc" * lpeg.Cs( lpeg.V "specials" + lpeg.V "code" + lpeg.P(1) ))/"%1",
-- single-char escapes. These are the only ones service_scan uses
specials = lpeg.S "trn0" / {t="\t", r="\r", n="\n", ["0"]="\0"},
-- hex escape: convert to char
code = (lpeg.P "x" * lpeg.C(lpeg.S "0123456789abcdefABCDEF"^-2))/function(c)
return string.char(tonumber(c,16)) end,
}
-- Turn the service fingerprint reply to a probe into a binary blob
local function get_response (fp, probe)
local i, e = string.find(fp, string.format("%s,%%x+,", probe))
if i == nil then return nil end
return unescape:match(getquote:match(fp, e+1))
end
action = function(host, port)
local responses = {}
-- Did the service engine already do the hard work?
if port.version and port.version.service_fp then
-- Probes sent, replies received, but no match. Unwrap the fingerprint:
local fp = string.gsub(port.version.service_fp, "\nSF:", "")
-- Probes sent, replies received, but no match.
-- Loop through the probes most likely to receive HTTP responses
for _, p in ipairs({"GetRequest", "GenericLines", "HTTPOptions",
"FourOhFourRequest", "NULL", "RTSPRequest", "Help", "SIPOptions"}) do
responses[#responses+1] = get_response(fp, p)
responses[#responses+1] = U.get_response(port.version.service_fp, p)
end
end
if #responses == 0 then