Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


Nmap Network Scanning

Version Scanning DB: nmap-service-probes

This file contains the probes that the Nmap service/version detection system (-sV or -A options) uses during port interrogation to determine what program is listening on a port. Example 14.2 offers a typical excerpt.

Example 14.2. Excerpt from nmap-service-probes

##############################NEXT PROBE##############################
# DNS Server status request: http://www.rfc-editor.org/rfc/rfc1035.txt
Probe UDP DNSStatusRequest q|\0\0\x10\0\0\0\0\0\0\0\0\0|
ports 53,135
match domain m|^\0\0\x90\x04\0\0\0\0\0\0\0\0|
# This one below came from 2 tested Windows XP boxes
match msrpc m|^\x04\x06\0\0\x10\0\0\0\0\0\0\0|
[...]
##############################NEXT PROBE##############################
Probe UDP Help q|help\r\n\r\n|
ports 7,13,37
match chargen m|@ABCDEFGHIJKLMNOPQRSTUVWXYZ|
match echo m|^help\r\n\r\n$|
match time m|^[\xc0-\xc5]...$|

The grammar of this file is fully described in Chapter 7, Service and Application Version Detection. While nmap-service-probes is more complex than nmap-services, the benefits of improving it can also be greater. Nmap can be taught to actually recognize a company's custom services, rather than simply guess based on nmap-services port registration.

Additionally, some administrators have been using version detection for tasks well beyond its original intended purpose. A short probe can cause Nmap to print the title of web pages, recognize worm-infected machines, locate open proxies, and more. A practical example of this is provided in the section called “SOLUTION: Hack Version Detection to Suit Custom Needs, such as Open Proxy Detection”.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]