The nmap-service-probes File

The keywords contained in the nmap-service-probes file are listed in Table 3-5.

Table 3-5. nmap-service-probes keywords

Keyword

Format

Probe
 
Probe <protocol> <probe name> <probe string>
match
 
match <service> <pattern> [version info]
softmatch
 
softmatch <service> <pattern>
ports
 
ports <portlist>
sslports
 
sslports <portlist>
Totalwaitms
 
totalwaitms <milliseconds>

Probes

A probe entry consists of the values shown in Table 3-6.

Table 3-6. Probe values

Parameter

Description

Protocol

TCP or UDP.

Probe name

Name of the probe (human-readable).

Probe string

String starting with a q, then a delimiter that will start and end the string sent. The string can consist of printable characters, as well as quoted unprintable characters and control characters in standard C or Perl notation.

Here are some example probe strings:

Probe TCP NULL q||

Send nothing, waiting the amount of time specified in totalwaitms.

Probe TCP GenericLines q|\r\n\r\n|

Send carriage return, newline, carriage return, newline.

Probe UDP DNSStatusRequest q|\0\0\x10\0\0\0\0\0\0\0\0\0|

Send the binary string 0x00 0x00 0x10 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00.

Matches

A match entry consists of the values defined in Table 3-7.

Table 3-7. Match values

Parameter

Description

Service

Name of the service the pattern matches.

Pattern

A Perl-compatible regular expression to match the expected response for this service. This is of the format m/regex/opts.

Version info

A field ...

Get Network Security Tools now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial