Library shortport

Functions for building short portrules.

Since portrules are mostly the same for many scripts, this module provides functions for the most common tests.

Copyright © Same as Nmap--See https://nmap.org/book/man-legal.html

Source: https://svn.nmap.org/nmap/nselib/shortport.lua

Functions

http (host, port)

A portrule that matches likely HTTP services.

port_is_excluded (port, proto)

Check if the port and its protocol are in the exclude directive.

port_or_service (ports, services, protos, states)

Return a portrule that returns true when given an open port matching either a port number or service name.

port_range (range)

Return a portrule that returns true when given an open port matching a port range.

portnumber (ports, protos, states)

Return a portrule that returns true when given an open port matching a single port number or a list of port numbers.

service (services, protos, states)

Return a portrule that returns true when given an open port with a service name matching a single service name or a list of service names.

ssl (host, port)

A portrule that matches likely SSL services.

version_port_or_service (ports, services, protos, states, rarity)

Return a portrule that returns true when given an open port that matches either a port number or service name and is not listed in the exclude port directive of the nmap-service-probes file. If the version intensity is less than the rarity value, the portrule always returns false.

Functions

http (host, port)

A portrule that matches likely HTTP services.

Parameters

host
The host table to match against.
port
The port table to match against.

Usage:

portrule = shortport.http

Return value:

true if the port is likely to be HTTP, false otherwise.

port_is_excluded (port, proto)

Check if the port and its protocol are in the exclude directive.

Parameters

port
A port number.
proto
The protocol to match against, default "tcp".

Return value:

True if the port and protocol are in the exclude directive.

port_or_service (ports, services, protos, states)

Return a portrule that returns true when given an open port matching either a port number or service name.

This function is a combination of the portnumber and service functions. The port and service may be single values or a list of values, as in those functions. This function exists because many scripts explicitly try to run against the well-known ports, but also want to run against any other port that was discovered to be running the named service.

Parameters

ports
A single port number or a list of port numbers.
services
Service name or a list of names to run against.
protos
The protocol or list of protocols to match against, default "tcp".
states
A state or list of states to match against, default {"open", "open|filtered"}.

Usage:

portrule = shortport.port_or_service(22, "ssh")

Return value:

Function for the portrule.
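
Added example (not part of the Nmap distribution): a minimal NSE script that builds its portrule with port_or_service, passes protos and states explicitly instead of relying on the defaults, and wraps the generated rule with port_is_excluded. The ports 22 and 2222, the description text and the output field names are assumptions chosen for illustration.

```lua
-- Constructed example script; not shipped with Nmap.
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Reports ports that look like SSH, matched either by port number or by
detected service name (illustrative example for the shortport library).
]]

author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Match TCP 22 or 2222, or any TCP port whose service name is "ssh".
-- Passing "open" as states narrows the default {"open", "open|filtered"},
-- so the script does not run against ports that might only be filtered.
local ssh_rule = shortport.port_or_service({22, 2222}, "ssh", "tcp", "open")

-- A portrule is a function(host, port) returning a boolean, so a generated
-- rule can be wrapped with further conditions. Here the script also skips
-- ports listed in the exclude directive, as version_port_or_service does.
portrule = function(host, port)
  if shortport.port_is_excluded(port.number, port.protocol) then
    return false
  end
  return ssh_rule(host, port)
end

action = function(host, port)
  -- Record why the rule fired: useful when auditing for services
  -- running on ports other than the well-known ones.
  local out = stdnse.output_table()
  out.port = port.number
  out.protocol = port.protocol
  out.service = port.service or "unknown"
  out.matched_by = (port.service == "ssh") and "service name" or "port number"
  return out
end
```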

port_range (range)

Return a portrule that returns true when given an open port matching a port range.

Parameters

range
A port range string in Nmap standard format (ex. "T:80,1-30,U:31337,21-25")

Return value:

Function for the portrule.

portnumber (ports, protos, states)

Return a portrule that returns true when given an open port matching a single port number or a list of port numbers.

Parameters

ports
A single port number or a list of port numbers.
protos
The protocol or list of protocols to match against, default "tcp".
states
A state or list of states to match against, default {"open", "open|filtered"}.

Usage:

portrule = shortport.portnumber({80, 443})

Return value:

Function for the portrule.

service (services, protos, states)

Return a portrule that returns true when given an open port with a service name matching a single service name or a list of service names.

A service name is something like "http", "https", "smtp", or "ftp". These service names are determined by Nmap's version scan or (if no version scan information is available) the service assigned to the port in nmap-services (e.g. "http" for TCP port 80).

Parameters

services
Service name or a list of names to run against.
protos
The protocol or list of protocols to match against, default "tcp".
states
A state or list of states to match against, default {"open", "open|filtered"}.

Usage:

portrule = shortport.service("ftp")

Return value:

Function for the portrule.

ssl (host, port)

A portrule that matches likely SSL services.

Parameters

host
The host table to match against.
port
The port table to match against.

Usage:

portrule = shortport.ssl

Return value:

true if the port is likely to be SSL, false otherwise.

version_port_or_service (ports, services, protos, states, rarity)

Return a portrule that returns true when given an open port that matches either a port number or service name and is not listed in the exclude port directive of the nmap-service-probes file. If the version intensity is less than the rarity value, the portrule always returns false.

This function is a combination of the port_is_excluded and port_or_service functions. The port, service, and proto may be single values or a list of values, as in those functions. Version category scripts can use this function to check that a given port and its protocol are not in the exclude directive and that the version intensity is greater than or equal to the rarity value of the script.

Parameters

ports
A single port number or a list of port numbers.
services
Service name or a list of names to run against.
protos
The protocol or list of protocols to match against, default "tcp".
states
A state or list of states to match against, default {"open", "open|filtered"}.
rarity
A minimum value of version script intensity, below which the function always returns false, default 7.

Usage:

  • portrule = shortport.version_port_or_service(22)
  • portrule = shortport.version_port_or_service(nil, "ssh", "tcp")
  • portrule = shortport.version_port_or_service(nil, nil, "tcp", nil, 8)

Return value:

Function for the portrule.