I think a good way to do that could be:

    i = 0;
    while (port = scanner_get_port(i++))
    {
        open_port = open_sock_tcp(port);
        # Skip ports that cannot be opened instead of ending the whole script.
        if (!open_port) continue;
        req1 = string("string to send\r\n");
        send(socket: open_port, data: req1);
        response1 = recv(socket:open_port, length:500);
        # Release the socket before moving on to the next port.
        close(open_port);
    }

This tests all the open ports for the current scan.

My 2 cents.

- J

George A. Theall wrote:
> On Thu, Jul 27, 2006 at 02:41:39PM -0400, Shawn Duffy wrote:
>
>> So I started messing with the tips you gave me from my initial
>> question and I am still running into difficulty...
>>
>> Below is a segment of code from the plugin... it should send a string
>> of data to any "unknown" port and check the response for an indication
>> that a proprietary service is running.
>
> The code looks ok. You may want to add some debugging statements, for
> example, to show you what ports are being probed.
>
>> When I look at a pcap of the
>> exchange, it only appears to be connecting to each port but is not
>> actually sending the request to any of the ports:
>
> Are you sure Nessus is marking those ports as unknown services? Grep the
> appropriate KB for "Services/unknown="; the values will be port numbers.
>
> George

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
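
The two suggestions quoted above (debugging statements, and checking which ports the KB lists under "Services/unknown") combined in one plugin skeleton. This is an added example, not code from anyone in this thread; the script ID, the names and descriptions, and the banner marker are placeholders.

```nasl
# Added example, not code from this thread. The script ID, the texts in
# the description block and the banner marker are placeholders.
if (description)
{
  script_id(99999);                        # placeholder ID
  script_name(english:"Example proprietary service detection");
  script_summary(english:"Probes unidentified services with a fixed string");
  script_description(english:"Sends a probe to services that were not identified.");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Service detection");
  script_copyright(english:"Example only");
  script_dependencies("find_service.nes"); # fills the Services/* KB entries
  exit(0);
}

# For a KB key holding several values, get_kb_item() makes the rest of the
# script run once per stored value, so no explicit port loop is needed.
port = get_kb_item("Services/unknown");
if (!port)
{
  display("debug: no Services/unknown entry in the KB\n");
  exit(0);
}
if (!get_port_state(port)) exit(0);

display("debug: probing port ", port, "\n");
soc = open_sock_tcp(port);
if (!soc)
{
  display("debug: connect to port ", port, " failed\n");
  exit(0);
}

req = string("string to send\r\n");
send(socket:soc, data:req);
res = recv(socket:soc, length:500);
close(soc);

if (isnull(res) || strlen(res) == 0)
{
  display("debug: no reply on port ", port, "\n");
  exit(0);
}
display("debug: port ", port, " replied with ", strlen(res), " bytes\n");

marker = "EXPECTED-BANNER";                # placeholder banner marker
if (marker >< res)
  security_note(port:port, data:"The proprietary service appears to be running on this port.");
```

If the first debug line is the only output, the scan never recorded an unknown service for that host, which is the condition George asks about.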
This archive was generated by hypermail 2.1.3 : Tue Aug 01 2006 - 01:37:13 PDT