Libraryshortport

Functions for building short portrules.

Since portrules are mostly the same for many scripts, thismodule provides functions for the most common tests.

Copyright © Same as Nmap--Seehttps://nmap.org/book/man-legal.html

Source:https://svn.nmap.org/nmap/nselib/shortport.lua

Functions

http (host, port)

A portrule that matches likely HTTP services.

port_is_excluded (port, proto)

Check if the port and its protocol are in the exclude directive.

port_or_service (ports, services, protos, states)

Return a portrule that returns true when given an open port matchingeither a port number or service name.

port_range (range)

Return a portrule that returns true when given an open port matching a port range

portnumber (ports, protos, states)

Return a portrule that returns true when given an open port matching asingle port number or a list of port numbers.

service (services, protos, states)

Return a portrule that returns true when given an open port with aservice name matching a single service name or a list of servicenames.

ssl (host, port)

A portrule that matches likely SSL services.

version_port_or_service (ports, services, protos, states, rarity)

Return a portrule that returns true when given an open port matchingeither a port number or service name and has not been listed in theexclude port directive of the nmap-service-probes file. If versionintensity is lesser than rarity value, portrule always returns false.

Functions

http (host, port)

A portrule that matches likely HTTP services.

Parameters

host

The host table to match against.

port

The port table to match against.

Usage:

portrule = shortport.http

Return value:

true if the port is likely to be HTTP,false otherwise.

port_is_excluded (port, proto)

Check if the port and its protocol are in the exclude directive.

Parameters

port

A port number.

proto

The protocol to match against, default"tcp".

Return value:

True if theport andprotocol arein the exclude directive.

port_or_service (ports, services, protos, states)

Return a portrule that returns true when given an open port matchingeither a port number or service name.

This function is a combination of theportnumber andservice functions. The port and service may be single values ora list of values as in those functions. This function exists because manyscripts explicitly try to run against the well-known ports, but want also torun against any other port which was discovered to run the named service.

Parameters

ports

A single port number or a list of port numbers.

services

Service name or a list of names to run against.

protos

The protocol or list of protocols to match against, default"tcp".

states

A state or list of states to match against, default{"open","open|filtered"}.

Usage:

portrule = shortport.port_or_service(22,"ssh").

Return value:

Function for the portrule.

port_range (range)

Return a portrule that returns true when given an open port matching a port range

Parameters

range

A port range string in Nmap standard format (ex. "T:80,1-30,U:31337,21-25")

Return value:

Function for the portrule.

portnumber (ports, protos, states)

Return a portrule that returns true when given an open port matching asingle port number or a list of port numbers.

Parameters

ports

A single port number or a list of port numbers.

protos

The protocol or list of protocols to match against, default"tcp".

states

A state or list of states to match against, default{"open","open|filtered"}.

Usage:

portrule = shortport.portnumber({80, 443})

Return value:

Function for the portrule.

service (services, protos, states)

Return a portrule that returns true when given an open port with aservice name matching a single service name or a list of servicenames.

A service name is something like"http","https","smtp", or"ftp". These service names aredetermined by Nmap's version scan or (if no version scan information isavailable) the service assigned to the port innmap-services(e.g."http" for TCP port 80).

Parameters

services

Service name or a list of names to run against.

protos

The protocol or list of protocols to match against, default"tcp".

states

A state or list of states to match against, default{"open","open|filtered"}.

Usage:

portrule = shortport.service("ftp")

Return value:

Function for the portrule.

ssl (host, port)

A portrule that matches likely SSL services.

Parameters

host

The host table to match against.

port

The port table to match against.

Usage:

portrule = shortport.ssl

Return value:

true if the port is likely to be SSL,false otherwise.

version_port_or_service (ports, services, protos, states, rarity)

Return a portrule that returns true when given an open port matchingeither a port number or service name and has not been listed in theexclude port directive of the nmap-service-probes file. If versionintensity is lesser than rarity value, portrule always returns false.

This function is a combination of theport_is_excludedandport_or_service functions. The port, service, proto maybe single values or a list of values as in those functions.This function can be used by version category scripts to check if agiven port and its protocol are in the exclude directive and that versionintensity is greater than or equal to the rarity value of the script.

Parameters

ports

 

services

Service name or a list of names to run against.

protos

The protocol or list of protocols to match against, default"tcp".

states

A state or list of states to match against, default{"open","open|filtered"}.

rarity

A minimum value of version script intensity, belowwhich the function always returns false, default 7.

Usage

• portrule = shortport.version_port_or_service(22)

• portrule = shortport.version_port_or_service(nil, "ssh", "tcp")

• portrule = shortport.version_port_or_service(nil, nil, "tcp", nil, 8)

Return value:

Function for the portrule.