dmiller
4620cc3df0
Reorder some probes to better match RDP and TLS
2018-11-06 15:07:04 +00:00
dmiller
70be64d592
Move TerminalServerCookie probe below more-likely TerminalServer probe. Probes are sent in file order, not rarity order
2018-11-05 18:12:12 +00:00
dmiller
959f722021
Process 274 service fingerprint submissions
2018-11-05 18:08:58 +00:00
fyodor
aa867cf1b7
Apply patch from Brandon Enright to handle underscores in part of the libssh banner. According to David Fifield's research, libssh switched to underscores in 2017, version 0.7.4
2018-10-23 20:09:52 +00:00
dmiller
53f5f5652e
Fix naming of Java RMI, which is not always the Registry
...
Added explanatory comments and links. The client endpoint identifier is
not the hostname (h// template) of the target. This could be any RMI
endpoint, such as `rmid` and not `rmiregistry`, so using "java-rmi"
instead of "rmiregistry" for the service name. Added port 10990
(rmiaux) based on IANA assignment.
Fixes #1342
2018-10-10 03:52:56 +00:00
dmiller
1ded1f082d
Fix service names for Java Obj Serialization, which is not RMI. See #1342
2018-10-10 03:52:55 +00:00
dmiller
ab28140b85
Don't escape unnecessary stuff in service probes
2018-09-05 18:36:56 +00:00
dmiller
087b445f17
Changing lots of patterns to only match within HTTP headers. See #1196
2018-08-02 16:20:56 +00:00
dmiller
6a2bfdfb2a
Use more efficient regexes in some matches. See #1196
2018-08-01 16:22:03 +00:00
dmiller
ed549d89a5
New service probe and match lines for ADB
2018-06-14 22:19:25 +00:00
dmiller
48ace808f6
Expand match for Google gsmtp. Closes #1215
2018-05-14 21:29:35 +00:00
dmiller
715d8829e1
Shorten version number capture to relevant portion. Fixes #1183
2018-04-13 21:10:27 +00:00
dmiller
7b311892d6
Standardize service names for shells
...
shell = Unix rsh service, usually 514/tcp
bindshell = unauthenticated command shell listening directly on a port
backdoor = software designed for surreptitious access
2018-03-08 04:39:25 +00:00
dmiller
c84d0a9c2b
Process 168 service fingerprints
2018-03-08 04:26:42 +00:00
dmiller
ef385e5b71
Avoid certain pathological regexes in service probe matches. Fixes #1147 , #1108
2018-03-05 22:35:53 +00:00
dmiller
8f36afdbc6
New payload and improved version matches for memcached
2018-03-02 19:07:14 +00:00
dmiller
b9f3fb910f
Process 132 service fingerprint submissions
2018-02-01 22:57:09 +00:00
dmiller
b7b29b0145
Telnet softmatches. Closes #1083
2018-01-25 16:12:49 +00:00
dmiller
9dac864443
Process 161 service fingerprint submissions
2018-01-18 18:11:31 +00:00
david
488437f57d
Add a tor-orport match for version 5 of the link protocol
2018-01-09 04:02:18 +00:00
david
06bb14c2a4
Use permalinks for tor-versions probe's reference URLs.
2018-01-09 04:02:17 +00:00
dmiller
bb0a7f557e
Process 239 service fingerprint submissions
2017-12-28 18:57:08 +00:00
fyodor
5f654ab8ea
Just updated copyright year
2017-12-11 03:31:23 +00:00
dmiller
d837a96275
Match about 1/5 of ARD servers
2017-11-30 04:46:50 +00:00
dmiller
eac495e3ad
New payload, probe, and matchline for Apple Remote Desktop
2017-11-30 04:20:24 +00:00
paulino
da5798da0f
Adds a new service detection match for WatchGuard Authentication Gateway SSO agent
2017-11-25 09:11:39 +00:00
dmiller
2af7a74e95
Add some more TLS/DTLS services to appropriate lists, based on IANA names and comments
2017-10-27 02:01:10 +00:00
dmiller
752beebe45
Keep PHP version in extrainfo, not version field. See #1042
2017-10-18 20:26:37 +00:00
dmiller
f4f28400b8
Add a match for odd nginx reverse proxy behavior. Fixes #787
2017-09-20 16:30:30 +00:00
tomsellers
a67240b58c
version.bind cleanup, cross protocol version probe fallbacks Closes #977
...
Full description in GitHub PR#977
o [GH#977] Improved DNS service version detection coverage and consitentcy
by using data from a Project Sonar Internet wide survey. Numerouse false
positives were removed and reliable softmatches added. Match lines for
version.bind responses were also conslidated using the technique below.
[Tom Sellers]
o [GH#977] Changed version probe fallbacks so as to work cross protocol
(TCP/UDP). This enables consolidating match lines for services where the
responses on TCP and UDP are similar. [Tom Sellers]
2017-09-13 11:03:40 +00:00
paulino
9e0f05a0f5
Decreases the rarity level of the probe for MS SQL
2017-08-17 01:08:43 +00:00
dmiller
1323cad17b
New helper function to unpack integers in nmap-service-probes
2017-08-01 22:09:22 +00:00
dmiller
0e3cadd316
Add 990/ftps as sslport for HELP probe
2017-07-31 21:52:31 +00:00
dmiller
1c79000aeb
Check more common IRC ports by default. Send SSL probes to ircs ports. See #941
2017-07-27 18:21:12 +00:00
dmiller
091eddf76f
Add 5986 (wsmans) as a SSL port. See #951
2017-07-27 03:17:43 +00:00
dmiller
8126635c66
Fix a typo and note a reason.
2017-06-05 22:05:40 +00:00
dmiller
4ac15a4e02
Process a few service corrections
2017-06-05 20:06:43 +00:00
paulino
bdb0d89648
Adds version detection signatures for Apache HBase and Hadoop MapReduce
2017-05-09 19:52:28 +00:00
dmiller
edbb4c90ed
Process 124 service fingerprints
2017-05-09 16:12:05 +00:00
paulino
6274868dee
Renames memcached probe and adds a new match for Apache ZooKeeper
2017-05-05 00:03:31 +00:00
dmiller
95850d5ac3
New script vmware-version
2017-05-03 18:22:02 +00:00
dmiller
4b65a1a247
Process 188 service fingerprints
2017-05-02 20:06:34 +00:00
dmiller
b2ed1d58b5
Process 129 service fingerprints
2017-04-24 20:05:46 +00:00
dmiller
bcdfa3d05d
Process 132 service fingerprints
2017-04-13 15:56:52 +00:00
dmiller
19acf2feaf
Update Redis version probe to skip comments. Fixes #789
2017-03-28 15:40:23 +00:00
dmiller
b4f10146e4
Process 94 service fingerprint submissions
2017-03-22 14:30:06 +00:00
dmiller
772bd8d824
Correct typos: receive, successfully, length
2017-03-15 02:23:09 +00:00
dmiller
46c27957a5
Process 179 service fingerprint submissions
2017-03-08 20:58:51 +00:00
dmiller
0b93e8da2e
New script impress-remote-discover. Closes #713
2017-03-04 19:54:56 +00:00
dmiller
4033fb9e51
Softmatch for sip to extract User-Agent header. See #645
2017-02-28 15:54:17 +00:00
