ÿØÿà JFIF    ÿÛ „ !.%+&8&+/1555$;@;4?.451 4,$,44444444444414444444444444444444444444444444444444ÿÀ  á á" ÿÄ     ÿÄ ?    !1AQaq"2‘¡±ÁðBRbrÑá#‚’¢²3S CñÿÄ   ÿÄ !    !1QAa‘2ÿÚ   ? 5˜Z¯V¦cø)›t/? z¨±>Õ5€¶‹Á¤·¼z¼Ü¬+ñ®v¤¨_ˆR­BFn©—˜ý®ç̝P8gýt·ÉSTŦˆìät?þé¼íìN/Þa)ì–í6ô… Ï¿øÃj´¿KÇü]ÿ ªô¹-eKànëÕHTx}ýSÜ›ÿ ”7Ø×&µ<¦  ¥ÑO¶[Ù¯ä¨ÞÃÿ PZ-¬;#õ|•oaÿ ©CìÞz3˜öː/¤­ñTûIØ}š^ mÓ%ªxˆ¥ÉŸu=Z+ISe¿45™¼u;ú&WØ÷€æßQ™®{|íx*TC“#ZŠìZ§²‹ 6pv…³¿¡äª*áZÐ%ÒOáˆo"x«OHk w±æ+¬V(kMúŸ5Vö«$ ÁrÏbàb57/luR ¸ÑÛj Òµì`Ðœq­û žICÀÊ•©4€Âcà¨Ï€O´<èÐ:›ù(Ë^L8þ‘ÍÌ#¸Ð_Ì©ÙK(Öz 4¬û+¸;ü’V’84‘¬ÃŽ:[â‡ÔÌáõp¢~§ªlæ£ö{®G>J¼"°‡7¯ÆÉèßû ‹É‹§ÁòÃýâßî ^ƾÙõ‹×óH#«LP½ïX=xÑÍ$|W?•~• îëÔ©ª‹ {ÝT…Kÿ ”hûâá)J*ö˜–ÔU;iÇ€/ ÆþjóZ\ýwØ=Ìm ºèËL9 ýèÆð/¨’¥öo=nË.%Îì ŽÕ¯È|{Oj²ƒE6e/ßdÄõ²Ìâ1O®ò×TsəԸhOMýíMˆ¿¼H˜l²,7Â¥#MF/Úf°Ö½± ¸–dr‹NýÊ íjqx{œÉ ä-È ¦ øÄër¨q°ð †nцýÑÄÆ’mä…n<0È™;ÁÝá¯ÁZƒ7FÀmì­ É&9ˆîéi¶ùN§Y• ÃZãAâ?•‡©‰ , ó¾IŸŠc1 4â&y­&pŠ­6;M À 0¹qç»p.á …ŸÅáK@%6·y6ƒ‰3?”úºŽ‰éX5ªPT §µ!=Mž«Ú½‹ÅgÂSâÉaþÓoö–¯ÁÔìR>5éÿ üs¶ÆUcÌ kÇR ]ÿ ù¬¼«VŽ;Â|‡~¢¦”ÏÅ°æ {L™Õ°Óv¹ò¸írŽ¡×¢CÃ!íVÕ {¶»sŒNPg/ "uÕbkm²“$ďå¿é¹§°½æz¯6 †s¿!s–wÚÝ“™Œ °.ûj>·+™Òa…©Œ&rÝÎtÛë긪Ît’LAVp%c Úý[ÄzJ¾ÇàXXç@˜ó<êL]·T˜¾¥1Ó©V‡g´æ½¦Ý@¹óø!_@´ÞâSÁ —S3™•& ]@JHÚý©ZŽ €×æÔr»Áf!‡yÞ4Mv*èÓã_{‘åóUuљØ«Oïé*®EvÑ Œ÷‡U \"㪒ÍK+À 4“M¡ï:0¥5í!'<@î´”>Ç»&Z–ïCCV˜Ì5Šo&îhè.žû |ÓK©h$s6KìŒëã)¹hI¦GïOåóI;ììü#É$Š0…Ææ¥TØ.5­¾gn´ “ÂÖ\:hœ89G)J@„}œ:’Ò{/Š"¦_Æ×7Æ3VÇŠÊa]ÚŒÙ€Ä–=®uÁßâACZƒ§§£ Qnâ:«,×{tyø¬iÛcœÜÄ€H½ÄÍCk´÷šß .W'b¤Íåh]÷€=,Žv×cÚEÚHXJX¶îo¨FÒtèöŸ>ªª6[J®Fµ£sGÁeqõfe\íjÒÐïÄÐGˆe1Ø‹.Ø”‘Ëuø Y­ˆÜ ŽG|zùªüMpDnQWÄ”%JŠ™)â*p@Örš«ÕT2Ð%ˆG#ª„ ·¤!°ŸOTÂT¸aÚ%4&h™LµšØüÐ.F¿²ÐÞ_Ç‚¾ÅÃaÜ÷09Æ q€öy˜v‡85õN÷]¬äѼóS{°_MŽ¬úÔ#°Ç¸0åÞè2ëôPcvÆw9®ií1Ä8F™˜à‰´+‰Ik1òÝ7“Ñ×ÒsÝ\x‚h`ÞÑ`ó"|µEcý£n˜h`}GÞ !±ù²Ápü²ß6 0ïi󜵩SÈÇ7˜-ÕURO˜¦´f$ªž-Í6(œ}<„ éc øs]ŽŽ„*—¾ ìdŽ„)méª\¿êÎIg¾ØÞ~I#C/¼¼´EÁÈŽi8“©õådô·>euä ƒ'Ê×लR1ÉJE1ÐAát`t;ÇР%Ý<‡¥„ÍÆ`×Oyó)õiI€ñQaŸ4Ûù\áàaÃÔ¹HÃu¹*k€¦<„e S‡&õÏ B!ŽhüÞ`yj}mªf×\¿ Ç~æ­9‡û\՞Ǖg²1Žû5V7 !àöšm° c`ܬøÇìµÒ'P"?…´Ö,"§^•õŽ¨sÔ)6˜sæéÍR¼ ò|Sl”‹7 nPW Gòú÷½§O¯‡„l¡kSÞŒr½PÊ@æ¢pŽ-mÿ #Ÿ˜Àº¶Áä¦;ïÔæ$1££`“Õ>„—·ž)ßð³ñ#Ï Ô$¶œ‰ÊE‹À;÷º ¯«P:Ñ”8–IÊtpÞ3ª“>ê“þës4ò2OÏÕ­±zô†Õ§‰.÷ä¸;¿˜“'œ›žª}«Œ{ª±Ì 9ÔóÞÕ‡0 $íWV3Üì¬ —@kÝ4@¿r¼±½¬™›?øØæ´'Áé®CË3-g$˜ö‡×auÚi´Žp/êÛ æF›Ú2v‹ã¿¿,nB1̨ƃqÞa5͝@&Æû“él÷ \C²½UÍc ¯k×¢U ÖéQå™—-r wô ÞÏ<Ò=&=ÿ Ôê Òêˈt,i—;LîÜ á¸*ÚÃ1$êL•LÍ <É)ýÐà’ ;F™{ƒ™˜€&'}‚ãÄK`¡ÞT@I;®žZóè‚s’7®°›+§O­Åq©é»²9<Ô J ¼9O’HL»Ùïì¸rk¼Ž_ý‘TŸu[²ßÚŒ·ü÷B%¯E ŸÔX5êO´ Ç•€’I0 ÉJX` ñ¹õ%;µŸD‘«´€àwÒ™U ûئžÖö\×®×´8 ½‡ºÐÆÓ§?Àkmœ=;d5*@-ì0F Rªýš[Ü6âö̃ڸr*KA9· u*µæ£?U¸Âêí†8@¦X4 e-ò„0s{ HâUpU?¼mñRa°®a%Ð'tÉ×’\¾ÊÉ]t›h>·(Ë@R¼¡Ãt h}’O÷au<+nT…Ö…MӐ??Óe95 q>í/;&JSû °¯ÊéÞ øƒ*Ã2½Ài&:nôUl=¾¿5eˆ3”ñc|Ú2V”>„»&eE;«ÚäC p¢Û úy 9š[ŒÌx¼擼A&DåÒ¯ˆ¤ÀÌ;"˜ ÏQä¸åhÊ}Ûq«Û0WžÒ|»€ø®öCm5•\ÇÀ§Pe3£]0ÃàLDÉ‰1øªxjgwT‚÷¿LΨK‹›ùs—xˆÜ±µ kæ¸f‰‰ÜGk/LÛØ6d9ò¶ùA{ƒA3š/¬D¬khÓk‰`˜"㯒r¿±Óã jx‡°e}<Ñø\3y:'À•/h½Í€Ç4~g ?Û(¼]v‘ªlKÎâ~?O‚W%{Ì:“'©úNq¾›úo(X’¥¯ˆ nFê{Ç€ü?º'ë ø‹ì Þ09ŒÌç9Æ —ËC`j@ÓÄ(+a‹un¸#ÂꟋ{K`‘ÑÍÍ'à´»/Û,KW;Þ4²þð ï Nm|~fGÏ(…³Ã)«1ö­Õ ¥‡¨©ƒÃ™ü-s=à=U66Ï«Ýc蓦W¹íž®›nÔ%êÇìŒ<#Ü×84ån®Ð ÒåOC` ñânÑs‡¢ç 1õ%Îhì½Ã½® e:ݼUZo™`  ÅZŸŒÊ«ê1ÏÄo$q¹Þ€©ˆhÐÉä¯ñ[!…Ú˜àJ:x2$Íß&PåT£6ç— ‡Í*4Ýšçjÿ ‰É nófÐ ó(L5C•åÆ\rMÒ@ò }y-W}™üýVù—ú¢=Ù”c®‘< M ž ´Phr ¦©TD ‘ù.$´÷O‡‘V2Æò.=IUŒ=ž‡â¬i™aþÓåÙ?òUø'ØÖ•.~* šTŒ!•-×áºTâ®ä#õü'´ eýlYÅÓeÕKÂrT"CÚ@u!Óxƒ{š3€}1¿(r}%«nËamjÑ%ÑNEò v ˜à  σöK³,*º.àzù¨™Ó ÚçâU¦*¿ 9{%Ö¹ njûdaXöb) kÛƱûÓ\°M7ˆÂ=û›ç¿Ã‚­V»Cg–8ÙêE- j)k$º`Ã-ùEýeBÆÇ]c¡°ñty&Òd0nõ'¡W+ƒ*|–øµFa\GQªEAÔp5\Ǽ·¼Ç8·õ -â§Ú[ ‡ uZeÖ 3}×d'+¹:ð+K†Û®s!Ï$úe€<Û”x)1»a­¡LC]¸µík…ÚàA»AYº{†ªS[¦5HÒ7ù --,ísòDØ€èk ÞÀîÜ ò@â( ËNˆë›4ô½•/¦o‡€Û7 ê•ÆêòðÜy'Án½µ á˜ݦ ndeo…[ì¶Ê,¥R³Ä=À±—–ß;£™´ñSâ*g§”ïaið‘Jå~™ÓÞ ß³Õ¢»8x埒²52>AÊb&-÷\7´éÄù€T˜,w;3{ï˜k…à¹ÄqÀ«œ{€\ ˆ¾[´¨јr &Úé„Ívˆ±8†¿]|¬ņ4I×pÞS1ÈÖz‰#Ìv‡G!YNògñ:màTz¢Ý1ô©^O=~ë|5Bã™ç•¼µõ•bÆ@úÕS¬ÈŒ#¬zünrŸ û” Z²•ï›èðV"ÁHÚý©wÝ €7¼Ìu1hÑa3Éä û f$o¿É ™Ú›ÝçnpÒ3äÌ3†Í§,Äï]$‰/pê †«À¼¸e9­Æê_C]žƒ·ý·frÁN«, E=›Çq -‰öŒ:aÏ¿±í&£Í:-} 84‘ÿ eƒQÑeëSsuiA ³g㟥ú£?ÿ ʼn*”“÷aühe:ÊWa@ÒÞk±eØ] F Ô—r.åä˜ @ö¥ªZoÐýYL·¥S²G/‡ñ <~*ZÆ´è>JlòàÛƽÿ 窘ìGN¢:I®KšJp/`íIÁÀõ#Ä-€ö­šµŒoF4|ÆQØÆ@Ì|£Ô…¢À{9˜è½Üó›€ôYÒÎYsið;ís¤€à²ˆ‚4qÉVŒI$ ‰"° æµ8cXGjœˏ¡Aâý•ËÜ¢ûï e·çLx']á"oÅÎê3¯Ç—¹”ó0nå‚âg{Œñ> S´˜îè°g238‚ãköÝfÚd´6Ò€;ò÷±¢™¼›º ¢Æ'¥Ðx'e¬ç ]bÈÆV¢ó‹kýBO ðÊâ$Ÿ!×T 3Mýמ žìٍàÌü‘8÷€àæØ8æ©6‰©L´«…oãpð„~Çk‰!ñ;‹”ÛžÍ àž±z Ÿôû øŸÝužÏ;ÿ #|u6™Þ¬ÚˆÐõA4¶â|ôl|Ê2ŽÇ¤ÝÅÇY.<#Aí.k§hóF‚”Y; M½Ö4hŸ4&›­¿tès´%FìL¥£Ãk‰ÇT¤haÁ¤ÚxfÉ`ÑìË›>i 3t‚:,–+^÷´–{Û–Nxi"x‘Ûg î¨>¥Õ܁ùZH,2Û“:8xÊ¢Çí9.É-Ìâã-=çjwµS˜dütžçwýGòú®®ûº_ˆýx$–¡ãøO EÚÛÏ÷R„×w+3£Á£öUMyR²¹âŒ°š›¸Ñãò9§Ó_Dl+Ùßc›úšGÅÌc†Ž!Ko=¶.‘Îÿ c²(2®V mª.ÿ ¹B›¹å ù„öŸSV>™ü¯$y:G¢Z×àøúdî¹û­·ýÇ´:•c LÍõi_‹ö+ÎæGÊè>OŠ•äž´§Þ{X}¨1ÚTc›»Qþ•êô°t¿OP?eæ~É{5]•ÙR£r5†nZ\ã@ &îJõ ¾àC°þV>fé¥/ü5ñÊIº_é5 ;e­h<@ Ä&æÃëE%;X,ÒãÆÞ`Oò¦kŸm#˜!ÀyÄ¢| óLšò¥Ä` ¶R=|ÈCâh5ò3DˆïF†ðÒ#ÅìÛœ?¸yhBãœí ZxßÎÄhºRK„`Þödvײ™ÀÈÑÒgŒuY w³%†ƒÓzõ ÖÏp‚dH®¦A´ù§»ÓÇMæ~)ˆð‡û:ù&Ä •vGD´À n ݇¼Ö8Fö óáà£~Ë¥x`oK|Ä?fxiØü%pìR>éò+Û±éÎ>núlFŤ'tq8LZÏvÃ?„¡ß±È⽆¯³íü@x|PöUäèØã¡ð‚ŒAìÏ"vÍwóŸÍ{ ý0.z È•Ö{,N¡£¡ŸKÕÙž>Ýœþ ÍÀ°<×EA!Å‚D™IúOÍ¡>ôG}Â` ÍßkÜL™Ž Þð™ {IøF²¹òQ3&!ÃÂÞz.d&Ï-sH¸,Ôõ˜ŽP€ 77ˆÝ¼ÊëÜw =cÕ Ú,ØÐ5ÎYÐ)ì´öœgŒ[¤ßv㙑8心>h]§µháYš£²ºÑ.{Ï7Sð•?´~×SÃKýJÛ˜ ™Íäiúu<µX¶1õ^kâçIÑ£sZ4h>j*ÔšD:4­¿_ ÷¸ Õxæÿ ¸?Mù _•­ÊÐ ä ÷ý ÑwL œ­ïnTkÛUÍN©ë:¦fV ¶ÜÔÜMªÅâA½–¿R×TXš-%iTÊT•‡Ù‚JôϐZxWÑè‰f‰òG º ×Õû2aZ7OU3[“×AT–ÞŒ…-‘¤”Ì ì&(ˆ¿­•ƒkï’:ðY¦W‘ Å)“†‘˜³Åtcø˜ñTÂwÚÇ4|üLÇªí–v- qˆèU qPE.†â‘˜µ Æ,ÐÅs]8¾„oúÑ i>ÜxxÈó)ƒ ´æÁâØ$À‰vžŸf$Ž |ãw;ÀÁIJ»b` {¦Ó¤Ú$©YÀ‘n@Óïž«9J¼êG m¤ ܯ¹ÌW4€ÐÒÅÛ‡#褕Ÿn-?í|с¥÷Ú¹¬'´ÞÜ9ÓK `hê£SÄSà?7—Wí_´…óB›»:=Ãïq`<8ñÓŒÑlú2d¬ê³£hÖ[l|$vÝro~'R®‰§°ñmY ͧäP |PUª¹·:3Œ[Û{Xÿ ºâ@‚W–Äé u‚ ¯´*=íή.pûÒdt @G‰¬ s¸ ëÉücr ÞæѨÊ@>¤¢Ö±. Þ'¯°ÌME[YéïĵÂCå½ Ué©Áû'Ê9%eÔðNU”ë‘ÌsD3/®+UI˜9h.WC”빓$#:pz:YÓ ¿xž* ³$Í +$kñAŠ‹†¢ Uê>¸)_š¬÷©ßAÂÔb9ÇU ¯¾á•9¯ÏÏ÷O÷¼¼Fähal1‰3Ì[Ïr•´UCksNÐ] R‘¸¥H+§Šé†c©vÖÞ0iÓ76s†î!§=ß ¼~Ô'°Ãmäoäš³ªøi1úÉ)³yV8 CLÄØÁ‘WYïi€H6ÖÑiámø^ÈY´°Ñ7¥Û*—Ñ©L«Qƒï—Ùrÿ ›£Ð*š¸ˆL©ˆ$ˆ ÷¾D§9È®«qbqC)–ˆïv´çñsÑVT­Ø, <àïºÀO«Jý·õ àfPìð .wFšir´þ’2_Y *Æ€x\« ì€9š@ Ž|F⇥ˆkZ@hÖÄ0t¿-<“‹qµ¾*ZL¤Ú)&BJpÓF5=$„at*Zš$’ÑtdûÝRI1 2Ž‰$€$I$#‰SÞ’Hë¬ï;Á$¡t$’`<(ñÇt)$‡Ð.Êf¢X’Kt=Éé$‚ˆªè¢oÝëòI%Rgcª÷ŠyI%¡‰ÿ !ñ)´õ $¤ Ô’IIGÿÙ--- -- Functions for building short portrules. -- -- Since portrules are mostly the same for many scripts, this -- module provides functions for the most common tests. -- -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html local nmap = require "nmap" local stdnse = require "stdnse" local tableaux = require "tableaux" local comm _ENV = stdnse.module("shortport", stdnse.seeall) -- Just like tableaux.contains, but can match simple port ranges local function port_includes(t, value) for _, elem in ipairs(t) do if elem == value then return true elseif type(elem) == "string" then local pstart, pend = elem:match("^(%d+)%-(%d+)$") if not pstart then pstart = elem:match("^(%d+)$") pend = pstart end pstart, pend = tonumber(pstart), tonumber(pend) assert(pstart,"Incorrect port range specification.") assert(pstart<=pend,"Incorrect port range specification, the starting port should have a smaller value than the ending port.") assert(pstart>-1 and pend<65536, "Port range number out of range (0-65535).") if value >= pstart and value <= pend then return true end end end return false end --- Check if the port and its protocol are in the exclude directive. -- -- @param port A port number. -- @param proto The protocol to match against, default "tcp". -- @return True if the port and protocol are -- in the exclude directive. port_is_excluded = function(port, proto) proto = proto or "tcp" return nmap.port_is_excluded(port, proto) end --- Return a portrule that returns true when given an open port matching a -- single port number or a list of port numbers. -- @param ports A single port number or a list of port numbers. -- @param protos The protocol or list of protocols to match against, default -- "tcp". -- @param states A state or list of states to match against, default -- {"open", "open|filtered"}. -- @return Function for the portrule. -- @usage portrule = shortport.portnumber({80, 443}) portnumber = function(ports, protos, states) protos = protos or "tcp" states = states or {"open", "open|filtered"} if type(ports) ~= "table" then ports = {ports} end if type(protos) ~= "table" then protos = {protos} end if type(states) ~= "table" then states = {states} end return function(host, port) return port_includes(ports, port.number) and tableaux.contains(protos, port.protocol, true) and tableaux.contains(states, port.state, true) end end --- Return a portrule that returns true when given an open port with a -- service name matching a single service name or a list of service -- names. -- -- A service name is something like "http", "https", -- "smtp", or "ftp". These service names are -- determined by Nmap's version scan or (if no version scan information is -- available) the service assigned to the port in nmap-services -- (e.g. "http" for TCP port 80). -- @param services Service name or a list of names to run against. -- @param protos The protocol or list of protocols to match against, default -- "tcp". -- @param states A state or list of states to match against, default -- {"open", "open|filtered"}. -- @return Function for the portrule. -- @usage portrule = shortport.service("ftp") service = function(services, protos, states) protos = protos or "tcp" states = states or {"open", "open|filtered"} if type(services) ~= "table" then services = {services} end if type(protos) ~= "table" then protos = {protos} end if type(states) ~= "table" then states = {states} end return function(host, port) return tableaux.contains(services, port.service, true) and tableaux.contains(protos, port.protocol, true) and tableaux.contains(states, port.state, true) end end --- Return a portrule that returns true when given an open port matching -- either a port number or service name. -- -- This function is a combination of the portnumber and -- service functions. The port and service may be single values or -- a list of values as in those functions. This function exists because many -- scripts explicitly try to run against the well-known ports, but want also to -- run against any other port which was discovered to run the named service. -- @usage portrule = shortport.port_or_service(22,"ssh"). -- @param ports A single port number or a list of port numbers. -- @param services Service name or a list of names to run against. -- @param protos The protocol or list of protocols to match against, default -- "tcp". -- @param states A state or list of states to match against, default -- {"open", "open|filtered"}. -- @return Function for the portrule. port_or_service = function(ports, services, protos, states) return function(host, port) local port_checker = portnumber(ports, protos, states) local service_checker = service(services, protos, states) return port_checker(host, port) or service_checker(host, port) end end --- Return a portrule that returns true when given an open port matching -- either a port number or service name and has not been listed in the -- exclude port directive of the nmap-service-probes file. If version -- intensity is lesser than rarity value, portrule always returns false. -- -- This function is a combination of the port_is_excluded -- and port_or_service functions. The port, service, proto may -- be single values or a list of values as in those functions. -- This function can be used by version category scripts to check if a -- given port and its protocol are in the exclude directive and that version -- intensity is greater than or equal to the rarity value of the script. -- @usage portrule = shortport.version_port_or_service(22) -- @usage portrule = shortport.version_port_or_service(nil, "ssh", "tcp") -- @usage portrule = shortport.version_port_or_service(nil, nil, "tcp", nil, 8) -- @param services Service name or a list of names to run against. -- @param protos The protocol or list of protocols to match against, default -- "tcp". -- @param states A state or list of states to match against, default -- {"open", "open|filtered"}. -- @param rarity A minimum value of version script intensity, below -- which the function always returns false, default 7. -- @return Function for the portrule. version_port_or_service = function(ports, services, protos, states, rarity) return function(host, port) local p_s_check = port_or_service(ports, services, protos, states) return p_s_check(host, port) and not(port_is_excluded(port.number, port.protocol)) and (nmap.version_intensity() >= (rarity or 7)) end end --[[ Apache Tomcat HTTP server default ports: 8180 and 8000 Litespeed webserver default ports: 8088 and 7080 --]] LIKELY_HTTP_PORTS = { 80, 443, 631, 7080, 8080, 8443, 8088, 5800, 3872, 8180, 8000 } LIKELY_HTTP_SERVICES = { "http", "https", "ipp", "http-alt", "https-alt", "vnc-http", "oem-agent", "soap", "http-proxy", "caldav", "carddav", "webdav", } --- -- A portrule that matches likely HTTP services. -- -- @name http -- @class function -- @param host The host table to match against. -- @param port The port table to match against. -- @return true if the port is likely to be HTTP, -- false otherwise. -- @usage -- portrule = shortport.http http = port_or_service(LIKELY_HTTP_PORTS, LIKELY_HTTP_SERVICES) local LIKELY_SSL_PORTS = { 261, -- nsiiops 271, -- pt-tls 324, -- rpki-rtr-tls 443, -- https 465, -- smtps 563, -- snews/nntps 585, -- imap4-ssl 636, -- ldapssl 853, -- domain-s 989, -- ftps-data 990, -- ftps-control 992, -- telnets 993, -- imaps 994, -- ircs 995, -- pop3s 2221, -- ethernet-ip-s 2252, -- njenet-ssl 2376, -- docker-s 3269, -- globalcatLDAPssl 3389, -- ms-wbt-server 4433, -- openssl s_server 4911, -- ssl/niagara-fox 5061, -- sip-tls 5986, -- wsmans 6679, 6697, 8443, -- https-alt 9001, -- tor-orport 8883, -- secure-mqtt } local LIKELY_SSL_SERVICES = { "ftps", "ftps-data", "ftps-control", "https", "https-alt", "imaps", "ircs", "ldapssl", "ms-wbt-server", "pop3s", "sip-tls", "smtps", "telnets", "tor-orport", } --- -- A portrule that matches likely SSL services. -- -- @param host The host table to match against. -- @param port The port table to match against. -- @return true if the port is likely to be SSL, -- false otherwise. -- @usage -- portrule = shortport.ssl function ssl(host, port) if (port.version and port.version.service_tunnel == "ssl") or port_or_service(LIKELY_SSL_PORTS, LIKELY_SSL_SERVICES, {"tcp", "sctp"})(host, port) then return true end -- If we're just looking up port info, stop here. if not host then return false end -- if we didn't detect something *not* SSL, check it ourselves -- but don't check if it's an excluded port if port.version and port.version.name_confidence <= 3 and host.registry and not nmap.port_is_excluded(port.number, port.protocol) then comm = comm or require "comm" host.registry.ssl = host.registry.ssl or {} local mtx = nmap.mutex(host.registry.ssl) mtx "lock" local v = host.registry.ssl[port.number .. port.protocol] if v == nil then -- probes from nmap-service-probes for _, probe in ipairs({ --TLSSessionReq "\x16\x03\0\0\x69\x01\0\0\x65\x03\x03U\x1c\xa7\xe4random1random2random3\z random4\0\0\x0c\0/\0\x0a\0\x13\x009\0\x04\0\xff\x01\0\0\x30\0\x0d\0,\0*\0\z \x01\0\x03\0\x02\x06\x01\x06\x03\x06\x02\x02\x01\x02\x03\x02\x02\x03\x01\z \x03\x03\x03\x02\x04\x01\x04\x03\x04\x02\x01\x01\x01\x03\x01\x02\x05\x01\z \x05\x03\x05\x02", -- SSLSessionReq "\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\z \x82{\xb9\xd5\x96\xc8w\x9b\xe6\xc4\xdb<=\xdbo\xef\x10n\0\0(\0\x16\0\x13\z \0\x0a\0f\0\x05\0\x04\0e\0d\0c\0b\0a\0`\0\x15\0\x12\0\x09\0\x14\0\x11\0\z \x08\0\x06\0\x03\x01\0", }) do local status, resp = comm.exchange(host, port, probe) if status and resp then if resp:match("^\x16\x03[\0-\x03]..\x02...\x03[\0-\x03]") or resp:match("^\x15\x03[\0-\x03]\0\x02\x02[F\x28]") then -- Definitely SSL v = true break elseif not resp:match("^[\x16\x15]\x03") then -- Something definitely not SSL v = false break end -- Something else? better try the other probes end end host.registry.ssl[port.number .. port.protocol] = v or false end mtx "done" return v end return false end local LIKELY_SSH_PORTS = { -- Top ssh ports on shodanhq.com 22, 2222, 55554, --666, -- 86% SSH, but we'd like to be more certain. 22222, 2382, -- And others reported by users 830, -- netconf-ssh } -- This part isn't really necessary, since -sV will reliably detect SSH local LIKELY_SSH_SERVICES = { 'ssh', 'netconf-ssh' } -- A portrule that matches likely SSH services. -- -- @name ssh -- @class function -- @param host The host table to match against. -- @param port The port table to match against. -- @return true if the port is likely to be SSH, -- false otherwise. -- @usage -- portrule = shortport.ssh ssh = port_or_service(LIKELY_SSH_PORTS, LIKELY_SSH_SERVICES) --- Return a portrule that returns true when given an open port matching a port range -- --@param range A port range string in Nmap standard format (ex. "T:80,1-30,U:31337,21-25") --@return Function for the portrule. function port_range(range) assert(type(range)=="string" and range~="","Incorrect port range specification.") local ports = { tcp = {}, udp = {}, } local proto = "both" local pos = 1 repeat local i, j, protspec = range:find("^%s*([TU:]+)", pos) if i then pos = j + 1 if protspec == "U:" then proto = "udp" elseif protspec == "T:" then proto = "tcp" else assert(protspec == "", "Incorrect port range specification.") end end repeat local i, j, portspec = range:find("^%s*([%d%-]+),?", pos) if not i then break end pos = j + 1 portspec = tonumber(portspec) or portspec if proto == "both" then local ttab = ports.tcp ttab[#ttab+1] = portspec local utab = ports.udp utab[#utab+1] = portspec else local ptab = ports[proto] ptab[#ptab+1] = portspec end until pos >= #range until pos >= #range local tcp_rule = portnumber(ports.tcp, "tcp") local udp_rule = portnumber(ports.udp, "udp") return function(host, port) return tcp_rule(host, port) or udp_rule(host, port) end end return _ENV;