This article shows how to improve service-name resolution in Python by reusing two of Nmap's data files, nmap-services and nmap-service-probes. It walks through reading nmap-services line by line, discarding comments, and splitting each remaining line into its three fields (service name, port/protocol and open-frequency), which yields a far more complete port-to-service mapping than the one Python's socket module provides.

There are two Nmap data files we are interested in.

  • nmap-services: a list of well-known services by port

  • nmap-service-probes: matching rules for detecting a service by its response
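The second file is rule-driven: each "Probe" line defines a payload to send, and the "match"/"softmatch" lines that follow it pair a service name with a regular expression (PCRE syntax, delimited like m|...|) plus optional version-info fields such as p/product/, v/version/, i/info/, h/hostname/ and cpe:/.../, in which $1, $2, ... refer to capture groups. The example below is added here and is not code from the original article or from Nmap; the probe excerpt it parses is constructed in nmap-service-probes syntax with illustrative regexes and products, and identify() simplifies Nmap's behaviour by treating the first hard match as the answer and a softmatch only as a fallback name.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in nmap-service-probes syntax, written for this example
# (not copied from Nmap's file); products, versions and regexes are illustrative.
SAMPLE_PROBES = r"""
# Services that speak first: their banner arrives with no request sent.
Probe TCP NULL q||
match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+)| p/OpenSSH/ v/$2/ i/protocol $1/
match ftp m|^220 ([-\w.]+) FTP server ready\r\n| h/$1/
softmatch smtp m|^220 [-\w.]+ ESMTP|

# Responses to a plain HTTP GET.
Probe TCP GetRequest q|GET / HTTP/1.0\r\n\r\n|
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: nginx/([\d.]+)|s p/nginx/ v/$1/ cpe:/a:nginx:nginx:$1/
softmatch http m|^HTTP/1\.[01] \d\d\d|
"""


@dataclass
class Rule:
    service: str
    regex: re.Pattern
    fields: dict      # version-info fields (p, v, i, h, o, d, cpe) with $N placeholders
    soft: bool        # True for softmatch lines


@dataclass
class Probe:
    protocol: str
    name: str
    payload: bytes    # bytes to send; empty for the NULL probe
    rules: list


# match|softmatch <service> m<delim><regex><delim>[is] [<version info>]
MATCH_LINE = re.compile(r'^(match|softmatch)\s+(\S+)\s+m(\S)(.*?)\3([is]*)\s*(.*)$')
# p/…/ v/…/ i/…/ h/…/ o/…/ d/…/ cpe:/…/  (any non-space character may delimit)
VERSION_FIELD = re.compile(r'(?<!\S)(p|v|i|h|o|d|cpe:)(\S)(.*?)\2')


def parse_probes(text):
    """Parse Probe and match/softmatch lines into {probe name: Probe}."""
    probes = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('Probe '):
            _, proto, name, qstr = line.split(None, 3)
            delim = qstr[1]                               # q|...| : payload with C-style escapes
            body = qstr[2:qstr.rindex(delim)]
            payload = body.encode('latin-1').decode('unicode_escape').encode('latin-1')
            current = probes[name] = Probe(proto, name, payload, [])
            continue
        m = MATCH_LINE.match(line)
        if m is None or current is None:
            continue                                      # ports/rarity/fallback lines are ignored here
        kind, service, _, pattern, flags, rest = m.groups()
        re_flags = (re.I if 'i' in flags else 0) | (re.S if 's' in flags else 0)
        fields = {key.rstrip(':'): value for key, _, value in VERSION_FIELD.findall(rest)}
        current.rules.append(Rule(service, re.compile(pattern, re_flags), fields, kind == 'softmatch'))
    return probes


def _expand(template, mo):
    """Replace $N with capture group N (Nmap's $P()/$SUBST() helpers are not handled)."""
    return re.sub(r'\$(\d+)', lambda s: mo.group(int(s.group(1))) or '', template)


def identify(probes, probe_name, response):
    """Run one probe's rules over a (latin-1 decoded) response string.

    Returns (service, expanded fields, is_soft) for the first hard match, else
    the first softmatch with empty fields, else None. Simplification: real Nmap
    uses a softmatch to narrow the rules it tries in later probes.
    """
    soft = None
    for rule in probes[probe_name].rules:
        mo = rule.regex.search(response)
        if mo is None:
            continue
        if rule.soft:
            soft = soft or (rule.service, {}, True)
            continue
        return rule.service, {k: _expand(v, mo) for k, v in rule.fields.items()}, False
    return soft


if __name__ == '__main__':
    probes = parse_probes(SAMPLE_PROBES)
    print(identify(probes, 'NULL', 'SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n'))
    print(identify(probes, 'GetRequest', 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n'))
```

A softmatch on its own never produces version fields; it only tells you which service's rules are worth trying with the later, noisier probes. Responses are matched as text here, so decode raw socket data with latin-1 before calling identify() to keep every byte value representable.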

The default service-to-port mapping in Python's socket module is incomplete: socket.getservbyport() and socket.getservbyname() only consult the operating system's services database (/etc/services on Unix), which covers far fewer ports than nmap-services does.

# find that with mlocate
# file_path = '/usr/share/nmap/nmap-services'
file_path = "./nmap-services"
with open(file_path, 'r') as f:
    line_list = f.read().split('\n')
for line in line_list:
    if line.startswith("#"):
        # it is a comment
        continue
    else:
        # process this line
        content = line.split('#')[0].strip()  # strip away trailing comments
        if not content:
            continue  # blank line (the file ends with a newline, so the last element is empty)
        # fields are tab-separated: service name, port/protocol, open-frequency
        components = content.split()
        # must be three.
        assert len(components) == 3, f"abnormal component count for content: '{content}'"
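The loop above validates the shape of each line but discards the fields. The following example is added here and is not code from the original article or from Nmap: it completes the parser into a (port, protocol) lookup table, falls back to the socket module's OS database only when Nmap has no entry, and uses the third column (the fraction of scans in which Nmap found the port open, which is what --top-ports ranks by) to order ports. The sample file content is a constructed excerpt in nmap-services format with illustrative frequencies.

```python
import socket

# Constructed excerpt in nmap-services format: name, port/protocol, open-frequency,
# optional "# comment", tab-separated. Frequencies are illustrative, not Nmap's.
SAMPLE_SERVICES = """\
# Fields: service name, port/protocol, open-frequency, optional comment
tcpmux\t1/tcp\t0.001995\t# TCP Port Service Multiplexer
ssh\t22/tcp\t0.182286\t# Secure Shell Login
smtp\t25/tcp\t0.131314\t# Simple Mail Transfer
domain\t53/udp\t0.213496\t# Domain Name Server
http\t80/tcp\t0.484143\t# World Wide Web HTTP
http\t80/udp\t0.035767\t# World Wide Web HTTP
https\t443/tcp\t0.208669
unknown\t49152/tcp\t0.001010
"""


def parse_nmap_services(text):
    """Map (port, protocol) -> (service name, open-frequency), skipping comments."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        content = raw.split('#', 1)[0].strip()   # drop full-line and trailing comments
        if not content:
            continue                              # blank or comment-only line
        parts = content.split()                   # tab-separated; split() tolerates spaces too
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(parts)}: {content!r}")
        name, port_proto, freq = parts
        port, proto = port_proto.split('/', 1)
        table[(int(port), proto)] = (name, float(freq))
    return table


def service_name(table, port, proto='tcp'):
    """Prefer Nmap's name; fall back to the OS services database the socket module uses."""
    if (port, proto) in table:
        return table[(port, proto)][0]
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return None                               # unknown to both sources


def top_ports(table, proto='tcp', n=3):
    """Ports ordered by open-frequency, the ordering Nmap's --top-ports uses."""
    entries = [(p, f) for (p, pr), (_, f) in table.items() if pr == proto]
    return [p for p, _ in sorted(entries, key=lambda e: e[1], reverse=True)[:n]]


if __name__ == '__main__':
    # To use the real file: open('/usr/share/nmap/nmap-services').read()
    table = parse_nmap_services(SAMPLE_SERVICES)
    print(service_name(table, 80), service_name(table, 53, 'udp'))
    print(top_ports(table))
```

Keying on (port, protocol) matters because the same port can carry different services over TCP and UDP, and the raise on a malformed line is deliberate: the file is a trusted, fixed-format input, so a line that does not fit is a sign of the wrong file rather than something to silently skip.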
