Library shortport
Functions for building short portrules.
Since portrules are mostly the same for many scripts, this module provides functions for the most common tests.
Copyright © Same as Nmap--See https://nmap.org/book/man-legal.html
Source: https://svn.nmap.org/nmap/nselib/shortport.lua
Functions
- http (host, port)
A portrule that matches likely HTTP services.
- port_is_excluded (port, proto)
Check if the port and its protocol are in the exclude directive.
- port_or_service (ports, services, protos, states)
Return a portrule that returns true when given an open port matching either a port number or service name.
- port_range (range)
Return a portrule that returns true when given an open port matching a port range
- portnumber (ports, protos, states)
Return a portrule that returns true when given an open port matching a single port number or a list of port numbers.
- service (services, protos, states)
Return a portrule that returns true when given an open port with a service name matching a single service name or a list of service names.
- ssl (host, port)
A portrule that matches likely SSL services.
- version_port_or_service (ports, services, protos, states, rarity)
Return a portrule that returns true when given an open port matching either a port number or service name and has not been listed in the exclude port directive of the nmap-service-probes file. If version intensity is lesser than rarity value, portrule always returns false.
Functions
- http (host, port)
-
A portrule that matches likely HTTP services.
Parameters
- host
- The host table to match against.
- port
- The port table to match against.
Usage:
portrule = shortport.http
Return value:
true
if the port is likely to be HTTP,false
otherwise. - port_is_excluded (port, proto)
-
Check if the port and its protocol are in the exclude directive.
Parameters
- port
- A port number.
- proto
- The protocol to match against, default
"tcp"
.
Return value:
True if theport
andprotocol
are in the exclude directive. - port_or_service (ports, services, protos, states)
-
Return a portrule that returns true when given an open port matching either a port number or service name.
This function is a combination of the
portnumber
andservice
functions. The port and service may be single values or a list of values as in those functions. This function exists because many scripts explicitly try to run against the well-known ports, but want also to run against any other port which was discovered to run the named service.Parameters
- ports
- A single port number or a list of port numbers.
- services
- Service name or a list of names to run against.
- protos
- The protocol or list of protocols to match against, default
"tcp"
. - states
- A state or list of states to match against, default
{
"open"
,"open|filtered"
}.
Usage:
portrule = shortport.port_or_service(22,"ssh").
Return value:
Function for the portrule. - port_range (range)
-
Return a portrule that returns true when given an open port matching a port range
Parameters
- range
- A port range string in Nmap standard format (ex. "T:80,1-30,U:31337,21-25")
Return value:
Function for the portrule. - portnumber (ports, protos, states)
-
Return a portrule that returns true when given an open port matching a single port number or a list of port numbers.
Parameters
- ports
- A single port number or a list of port numbers.
- protos
- The protocol or list of protocols to match against, default
"tcp"
. - states
- A state or list of states to match against, default
{
"open"
,"open|filtered"
}.
Usage:
portrule = shortport.portnumber({80, 443})
Return value:
Function for the portrule. - service (services, protos, states)
-
Return a portrule that returns true when given an open port with a service name matching a single service name or a list of service names.
A service name is something like
"http"
,"https"
,"smtp"
, or"ftp"
. These service names are determined by Nmap's version scan or (if no version scan information is available) the service assigned to the port innmap-services
(e.g."http"
for TCP port 80).Parameters
- services
- Service name or a list of names to run against.
- protos
- The protocol or list of protocols to match against, default
"tcp"
. - states
- A state or list of states to match against, default
{
"open"
,"open|filtered"
}.
Usage:
portrule = shortport.service("ftp")
Return value:
Function for the portrule. - ssl (host, port)
-
A portrule that matches likely SSL services.
Parameters
- host
- The host table to match against.
- port
- The port table to match against.
Usage:
portrule = shortport.ssl
Return value:
true
if the port is likely to be SSL,false
otherwise. - version_port_or_service (ports, services, protos, states, rarity)
-
Return a portrule that returns true when given an open port matching either a port number or service name and has not been listed in the exclude port directive of the nmap-service-probes file. If version intensity is lesser than rarity value, portrule always returns false.
This function is a combination of the
port_is_excluded
andport_or_service
functions. The port, service, proto may be single values or a list of values as in those functions. This function can be used by version category scripts to check if a given port and its protocol are in the exclude directive and that version intensity is greater than or equal to the rarity value of the script.Parameters
- ports
- services
- Service name or a list of names to run against.
- protos
- The protocol or list of protocols to match against, default
"tcp"
. - states
- A state or list of states to match against, default
{
"open"
,"open|filtered"
}. - rarity
- A minimum value of version script intensity, below which the function always returns false, default 7.
Usage
portrule = shortport.version_port_or_service(22)
portrule = shortport.version_port_or_service(nil, "ssh", "tcp")
portrule = shortport.version_port_or_service(nil, nil, "tcp", nil, 8)
Return value:
Function for the portrule.