In this chapter, you learned the inner workings of version detection in Nmap, including its phases, database structure, exclusions, and post-processors. The modbus-discover, ventrilo-info, and rpc-grind NSE version scripts were used as real examples of the advanced fingerprinting that NSE is able to perform.

At this point, you should be familiar not only with the version detection system of Nmap but also with the NSE API. You now have the knowledge required to perform advanced fingerprinting tasks against new services and improve the detection capabilities of Nmap. I encourage you to go write your first version detection script before continuing to the next chapter. It will also help you to practice some real-case scenarios of pattern matching ...