Make sure to use version_intensity checks for version category scripts

nmap · Jul 27, 2017 · 5906182 · 5906182
1 parent 091eddf
commit 5906182
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 6 deletions.
diff --git a/scripts/bacnet-info.nse b/scripts/bacnet-info.nse
@@ -60,7 +60,7 @@ categories = {"discovery", "version"}
 --
 --
 
-portrule = shortport.port_or_service(47808, "bacnet", {"udp","tcp"})
+portrule = shortport.version_port_or_service(47808, "bacnet", {"udp","tcp"})
 
 ---
 --  Table to look up the Vendor Name based on Vendor ID

diff --git a/scripts/fingerprint-strings.nse b/scripts/fingerprint-strings.nse
@@ -43,6 +43,8 @@ categories = {"version"}
 
 portrule = function (host, port)
   -- Run for any port that has a service fingerprint indicating an unknown service
+  -- OK to run at any version intensity (e.g. not checking nmap.version_intensity)
+  -- because no traffic is sent and lower intensity is more likely to not match.
   return port.version and port.version.service_fp
 end
 

diff --git a/scripts/fox-info.nse b/scripts/fox-info.nse
@@ -52,7 +52,7 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 categories = {"discovery", "version"}
 
 
-portrule = shortport.port_or_service({1911, 4911}, "niagara-fox", "tcp")
+portrule = shortport.version_port_or_service({1911, 4911}, "niagara-fox", "tcp")
 
 --  Action Function that is used to run the NSE. This function will send the
 --  initial query to the host and port that were passed in via nmap. The

diff --git a/scripts/hnap-info.nse b/scripts/hnap-info.nse
@@ -60,7 +60,9 @@ categories = {
 }
 
 
-portrule = shortport.http
+portrule = function(host, port)
+  return (shortport.http(host,port) and nmap.version_intensity() >= 7)
+end
 
 local ELEMENTS = {["Type"] = "Type",
 ["DeviceName"] = "Device",

diff --git a/scripts/omron-info.nse b/scripts/omron-info.nse
@@ -51,7 +51,7 @@ categories = {"discovery", "version"}
 -- Function to define the portrule as per nmap standards
 --
 --
-portrule = shortport.port_or_service(9600, "fins", {"tcp", "udp"})
+portrule = shortport.version_port_or_service(9600, "fins", {"tcp", "udp"})
 
 ---
 --  Function to set the nmap output for the host, if a valid OMRON FINS packet

diff --git a/scripts/rpcinfo.nse b/scripts/rpcinfo.nse
@@ -81,7 +81,10 @@ categories = {"discovery", "default", "safe", "version"}
 
 
 -- don't match "rpcbind" because that's what version scan labels any RPC service
-portrule = shortport.portnumber(111, {"tcp", "udp"} )
+portrule = function(host, port)
+  return nmap.version_intensity() >= 7 and
+  shortport.portnumber(111, {"tcp", "udp"})(host, port)
+end
 
 action = function(host, port)
 

diff --git a/scripts/s7-info.nse b/scripts/s7-info.nse
@@ -50,7 +50,7 @@ categories = {"discovery", "version"}
 
 
 -- port rule for devices running on TCP/102
-portrule = shortport.port_or_service(102, "iso-tsap", "tcp")
+portrule = shortport.version_port_or_service(102, "iso-tsap", "tcp")
 
 ---
 -- Function to send and receive the S7COMM Packet