Script fingerprint-strings

Script types: portrule
Categories: version
Download: https://svn.nmap.org/nmap/scripts/fingerprint-strings.nse

Script Summary

Prints the readable strings from service fingerprints of unknown services.

Nmap's service and application version detection engine sends named probes to target services and tries to identify them based on the response. When there is no match, Nmap produces a service fingerprint for submission. Sometimes, inspecting this fingerprint can give clues as to the identity of the service. However, the fingerprint is encoded and wrapped to ensure it doesn't lose data, which can make it hard to read.

This script simply unwraps the fingerprint and prints the readable ASCII strings it finds below the name of the probe it responded to. The probe names are taken from the nmap-service-probes file, not from the response.

Script Arguments

fingerprint-strings.n

The number of printable ASCII characters required to make up a "string" (Default: 4)

Example Usage

nmap -sV --script fingerprint-strings <target>

Script Output

| fingerprint-strings:
|   DNSStatusRequest, GenericLines, LANDesk-RC, TLSSessionReq:
|     bobo
|     bobobo
|   GetRequest, HTTPOptions, LPDString, NULL, RTSPRequest, giop, oracle-tns:
|     bobobo
|   Help, LDAPSearchReq, TerminalServer:
|     bobobo
|     bobobo
|   Kerberos, NotesRPC, SIPOptions:
|     bobo
|   LDAPBindReq:
|     bobobo
|     bobo
|     bobobo
|   SSLSessionReq, SSLv23SessionReq:
|     bobo
|     bobobo
|     bobo
|   afp:
|     bobo
|_    bobo

Requires

• stdnse
• nmap
• lpeg
• table
• tableaux

---

Author:

• Daniel Miller