diff --git a/CHANGELOG b/CHANGELOG index e485fb430..8cfd2e090 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,9 @@ # Nmap Changelog ($Id$); -*-text-*- +o [GH#694][NSE] ike-version now outputs information about supported attributes and + unknown vendor ids. Also, a new fingerprint for FortiGate VPNs was submitted + by Alexis La Goutte. [Daniel Miller] + o [GH#700] Enabled support for TLS SNI on the Windows platform. [nnposter] o [GH#686] Script tls-ticketbleed checks for the Ticketbleed vulnerability diff --git a/nselib/ike.lua b/nselib/ike.lua index f6f398666..c16255b9d 100644 --- a/nselib/ike.lua +++ b/nselib/ike.lua @@ -210,6 +210,7 @@ local function lookup(vendor_ids) vendor = nil, attribs = {}, } + local unmatched = {} local status, fingerprints status, fingerprints = load_fingerprints() @@ -242,10 +243,15 @@ local function lookup(vendor_ids) stdnse.debug2("IKE: Attribute: %s matches %s", vendor_id, row.text) break end + else + unmatched[#unmatched+1] = vendor_id end end end end + if next(unmatched) then + info.unknown_ids = unmatched + end --------------------------------------------------- diff --git a/scripts/ike-version.nse b/scripts/ike-version.nse index fbb9bbd02..1db3db520 100644 --- a/scripts/ike-version.nse +++ b/scripts/ike-version.nse @@ -19,8 +19,23 @@ Main and Aggressive Mode and sends multiple transforms per request. -- -- @output -- PORT STATE SERVICE REASON VERSION --- 500/udp open isakmp udp-response Cisco VPN Concentrator 3000 4.0.7 --- Service Info: OS: pSOS+; Device: VPN; CPE: cpe:/h:cisco:concentrator +-- 500/udp open isakmp udp-response Fortinet FortiGate v5 +-- | ike-version: +-- | vendor_id: Fortinet FortiGate v5 +-- | attributes: +-- | Dead Peer Detection v1.0 +-- |_ XAUTH +-- Service Info: OS: Fortigate v5; Device: Network Security Appliance; CPE: cpe:/h:fortinet:fortigate +-- +-- @xmloutput +-- Fortinet FortiGate v5 +-- +-- 1234567890abcdef +--
+-- +-- Dead Peer Detection v1.0 +-- XAUTH +--
--- @@ -103,25 +118,53 @@ action = function( host, port ) local ike_response = get_version(host, port) if ike_response then + -- get_version only returns something if ike.send_request().success == true + nmap.set_port_state(host, port, "open") -- Extra information found in the response. Kept for future reference. -- local mode = ike_response['mode'] -- local vids = ike_response['vids'] local info = ike_response['info'] + local set_version = false + local out = stdnse.output_table() if info.vendor ~= nil then - port.version.product = info.vendor.vendor - port.version.version = info.vendor.version + set_version = true + if info.vendor.vendor then + out.vendor_id = info.vendor.vendor + port.version.product = info.vendor.vendor + end + if info.vendor.version then + port.version.version = info.vendor.version + out.vendor_id = (out.vendor_id or "") .. " " .. info.vendor.version + end port.version.ostype = info.vendor.ostype port.version.devicetype = info.vendor.devicetype table.insert(port.version.cpe, info.vendor.cpe) - - nmap.set_port_version(host, port, "hardmatched") - nmap.set_port_state(host, port, "open") end + + local attribs = {} + for i, attrib in ipairs(info.attribs) do + attribs[i] = attrib.text + if attrib.ostype or attrib.devicetype or attrib.cpe then + set_version = true + port.version.ostype = port.version.ostype or attrib.ostype + port.version.devicetype = port.version.devicetype or attrib.devicetype + table.insert(port.version.cpe, attrib.cpe) + end + end + + out.unmatched_ids = info.unmatched_ids + if next(attribs) then + out.attributes = attribs + end + + if set_version then + nmap.set_port_version(host, port, "hardmatched") + end + stdnse.debug1("Version: %s", port.version.product ) + return out end - stdnse.debug1("Version: %s", port.version.product ) - return end