diff --git a/nmap-service-probes b/nmap-service-probes
index 0a3f963f0..1aa72eb49 100644
--- a/nmap-service-probes
+++ b/nmap-service-probes
@@ -1550,9 +1550,9 @@ match ssh m|^SSH-(\d[\d.]+)-lshd_(\d[-.\w]+) lsh - a free ssh\r\n\0\0| p/lshd se
 match ssh m/^SSH-([.\d]+)-Sun_SSH_(\S+)/ p/SunSSH/ v/$2/ i/protocol $1/
 match ssh m/^SSH-([.\d]+)-meow roototkt by rebel/ p/meow SSH ROOTKIT/ i/protocol $1/
 # Akamai hosted systems tend to run this - found on www.microsoft.com
-match ssh m|^SSH-(\d[.\d]*)-AKAMAI-I\n$| p/Akamai-I SSH/ i/protocol $1/
-match ssh m|^SSH-(\d[.\d]*)-Server-V\n$| p/Akamai-I SSH/ i/protocol $1/
-match ssh m|^SSH-(\d[.\d]*)-Server-VI\n$| p/Akamai-I SSH/ i/protocol $1/
+match ssh m|^SSH-(\d[.\d]*)-(AKAMAI-I*)\n$| p/Akamai SSH/ v/$2/ i/protocol $1/
+match ssh m|^SSH-(\d[.\d]*)-(Server-V)\n$| p/Akamai SSH/ v/$2/ i/protocol $1/
+match ssh m|^SSH-(\d[.\d]*)-(Server-VI)\n$| p/Akamai SSH/ v/$2/ i/protocol $1/
 match ssh m|^SSH-(\d[.\d]+)-Cisco-(\d[.\d]+)\n$| p/Cisco SSH/ v/$2/ i/protocol $1/ o/IOS/
 match ssh m|^SSH-(\d[.\d]+)-CiscoIOS_([\d.]+)XA\n| p/Cisco SSH/ v/$2/ i/protocol $1; Chinese IOS XA/ o/IOS/
 match ssh m|^\r\nDestination server does not have Ssh activated\.\r\nContact Cisco Systems, Inc to purchase a\r\nlicense key to activate Ssh\.\r\n| p/Cisco CSS SSH/ i/Unlicensed/
diff --git a/osscan.cc b/osscan.cc
index 5e4022895..f7cb80b87 100644
--- a/osscan.cc
+++ b/osscan.cc
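Review bot: In the first rewritten match line, `(AKAMAI-I*)` uses `*`, so the capture also accepts a banner ending in `AKAMAI-` with no `I` at all and reports that as the version; if the aim is to cover AKAMAI-I, AKAMAI-II and so on, `(AKAMAI-I+)` keeps the old minimum of one `I`. All three lines now put the banner token itself (`Server-V`, `Server-VI`) into `v/$2/`, so anything that parses the version field as a version number will find a product string there. `Server-V` and `Server-VI` are generic tokens, and the only support for the Akamai attribution on the page is the existing comment, so I would extend that comment to say how the attribution was confirmed, which matters to anyone using the output for asset inventory.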
@@ -1175,8 +1175,15 @@ static struct AVal *gettestbyname(FingerPrint *FP, const char *name) { is already there. So initialize them to zero first if you only want to see the results from this match. if shortcircuit is zero, it does all the tests, otherwise it returns when the first one - fails. */ -static int AVal_match(struct AVal *reference, struct AVal *fprint, unsigned long *num_subtests, unsigned long *num_subtests_succeeded, int shortcut) { + fails. If you want details of the match process printed, pass n + onzero for 'verbose'. In that case, you may also pass in the group + name (SEQ, T1, etc) to have that extra info printed. If you pass 0 + for verbose, you might as well pass NULL for testGroupName as it + won't be used. */ +static int AVal_match(struct AVal *reference, struct AVal *fprint, + unsigned long *num_subtests, + unsigned long *num_subtests_succeeded, int shortcut, + int verbose, const char *testGroupName) { struct AVal *current_ref; struct AVal *current_fp; unsigned int number, number1; @@ -1249,6 +1256,10 @@ static int AVal_match(struct AVal *reference, struct AVal *fprint, unsigned long if (num_subtests) *num_subtests += subtests; return 0; } + if (verbose) + printf("%s.%s: \"%s\" NOMATCH \"%s\"\n", testGroupName, + current_ref->attribute, current_fp->value, + current_ref->value); } else subtests_succeeded++; /* Whew, we made it past one Attribute alive , on to the next! */ } 
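Review bot: The added comment text reads `pass n` / `onzero for 'verbose'`, with the word split across the line break; it should read `nonzero`. The same comment calls the flag `shortcircuit` while the parameter is named `shortcut`. It also leaves open what happens when `verbose` is nonzero and `testGroupName` is NULL, which the new signature permits; I would state the contract in the comment, for example `testGroupName must be non-NULL when verbose is nonzero`. The body of AVal_match continues outside this hunk.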
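Review bot: The added `printf` passes `testGroupName` to `%s` unchecked, while the function comment invites callers to pass NULL; a caller that sets `verbose` but passes NULL hands a null pointer to `%s`, which is undefined behaviour. The two call sites updated in this commit are fine (one passes `currentReferenceTest->name`, the other passes `0, NULL`), but AVal_match should not depend on that: `testGroupName ? testGroupName : "?"` as the first argument is enough. The block also sits after what looks like the short-circuit early return, so with `shortcut` set nothing is printed even when `verbose` is nonzero; if that is intended, say so in the function comment. The enclosing loop starts and ends outside the hunk.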
@@ -1278,11 +1289,7 @@ double compare_fingerprints(FingerPrint *referenceFP, FingerPrint *observedFP, if (currentObservedTest) { new_subtests = new_subtests_succeeded = 0; AVal_match(currentReferenceTest->results, currentObservedTest, - &new_subtests, &new_subtests_succeeded, 0); - if (verbose && new_subtests_succeeded < new_subtests) - printf("Test %s differs in %li attributes\n", - currentReferenceTest->name, - new_subtests - new_subtests_succeeded); + &new_subtests, &new_subtests_succeeded, 0, verbose, currentReferenceTest->name); num_subtests += new_subtests; num_subtests_succeeded += new_subtests_succeeded; } @@ -1609,7 +1616,7 @@ do { if (i == numFPs - 1 || !currentFPs[i+1] || strcmp(currentFPs[i]->name, currentFPs[i+1]->name) != 0 || AVal_match(currentFPs[i]->results,currentFPs[i+1]->results, NULL, - NULL, 1) ==0) + NULL, 1, 0, NULL) ==0) { changed = 1; Strncpy(p, currentFPs[i]->name, end - p); diff --git a/service_scan.cc b/service_scan.cc index 48b4a61f5..a39723e67 100644 --- a/service_scan.cc +++ b/service_scan.cc @@ -1052,9 +1052,9 @@ void ServiceProbe::addMatch(const char *match, int lineno) { matches.push_back(newmatch); } -// Parses the given nmap-service-probes file into the AP class -/* Must NOT be static because I have external maintenance tools (servicematch) - which use this */ +/* Parses the given nmap-service-probes file into the AP class Must + NOT be made static because I have external maintenance tools + (servicematch) which use this */ void parse_nmap_service_probe_file(AllProbes *AP, char *filename) { ServiceProbe *newProbe; char line[2048]; diff --git a/service_scan.h b/service_scan.h index 08949d558..3faa860de 100644 --- a/service_scan.h +++ b/service_scan.h 
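Review bot: Merging the two comments above `parse_nmap_service_probe_file` dropped the sentence break, so the text now runs `...into the AP class Must NOT be made static...`; add the period after `class`. The same wording is copied into the new prototype comment in service_scan.h and has the same defect. The context line `char line[2048];` suggests the parser reads the probes file into a fixed buffer; the read itself is outside this hunk, so if over-long lines are rejected or truncated there, the comment is a good place to say which.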
@@ -341,6 +341,11 @@ protected: /********************** PROTOTYPES ***********************************/ +/* Parses the given nmap-service-probes file into the AP class Must + NOT be made static because I have external maintenance tools + (servicematch) which use this */ +void parse_nmap_service_probe_file(AllProbes *AP, char *filename); + /* Execute a service fingerprinting scan against all open ports of the Targets specified. */ int service_scan(std::vector &Targets); diff --git a/utils.cc b/utils.cc index 369a670e2..769788fa8 100644 --- a/utils.cc +++ b/utils.cc @@ -725,9 +725,11 @@ static inline char* STRAPP(char *fmt, ...) { bp = 0; return(buf); } + if (left <= 0) + return buf; va_list ap; va_start(ap, fmt); - bp += vsnprintf (buf+bp, (left>0 ? left : 0), fmt, ap); + bp += vsnprintf (buf+bp, left, fmt, ap); va_end(ap); return(buf);
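Review bot: The new prototype takes `char *filename`, matching the definition shown in service_scan.cc. If the function only reads the path, which I cannot confirm from the lines shown, `const char *filename` in both places would let callers pass string literals and document that the argument is not modified. Since the comment names an external tool (servicematch) that links against this symbol, that tool's declaration would need the same change.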
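Review bot: `bp += vsnprintf (buf+bp, left, fmt, ap);` still adds the raw return value to `bp`, and that value is the length the output would have had, not the number of bytes stored, and is negative on an output error. After a truncated append `bp` therefore points past the end of `buf`; the new `left <= 0` guard stops the next write only if `left` is computed as a signed difference earlier in STRAPP, which is outside this hunk. I would clamp instead: `int n = vsnprintf(buf+bp, left, fmt, ap);` followed by `if (n > 0) bp += (n < left) ? n : left - 1;`. The early `return buf;` also means later appends are dropped silently once the buffer is full, which deserves a one-line comment at that check.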