Nmap NSE net: qscan

🗓️ 01 Jun 2011 00:00:00Reported by NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbHType

Repetitively probes open and closed ports on a host to group them based on statistical differences in round-trip times. Uses mean, standard deviation, and Student's t-test to test for significance of differences in round-trip times. Based on Doug Hoyte's Qscan documentation for Nmap

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_nmap_qscan_net.nasl 5505 2017-03-07 10:00:18Z teissa $
#
# Autogenerated NSE wrapper
#
# Authors:
# NSE-Script: Kris Katterjohn
# NASL-Wrapper: autogenerated
#
# Copyright:
# NSE-Script: The Nmap Security Scanner (http://nmap.org)
# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_summary = "Repeatedly probe open and/or closed ports on a host to obtain a series         of round-
trip time values for each port.  These values are used to         group collections of ports which
are statistically different from other         groups.  Ports being in different groups (or
'families') may be due to         network mechanisms such as port forwarding to machines behind a
NAT.

        In order to group these ports into different families, some statistical         values must
be computed.  Among these values are the mean and standard         deviation of the round-trip times
for each port.  Once all of the times         have been recorded and these values have been
computed, the Student's         t-test is used to test the statistical significance of the
differences         between each port's data.  Ports which have round-trip times that are
statistically the same are grouped together in the same family.

        This script is based on Doug Hoyte's Qscan documentation and patches         for Nmap.


SYNTAX:

delay:  Average delay between packet sends. This is a number followed by 'ms' for milliseconds or 's' for seconds. ('m' and 'h' are also supported but are too long for timeouts.) The actual delay will randomly vary between 50% and 150% of the time specified. Default: '200ms'.


numtrips:  Number of round-trip times to try to get.


confidence:  Confidence level: '0.75', '0.9', '0.95', '0.975', '0.99', '0.995', or '0.9995'.


numclosed:  Maximum number of closed ports to probe (default 1). A negative number disables the limit.



numopen:  Maximum number of open ports to probe (default 8). A negative number disables the limit.";

if(description)
{
    script_id(104158);
    script_version("$Revision: 5505 $");
    script_tag(name:"last_modification", value:"$Date: 2017-03-07 11:00:18 +0100 (Tue, 07 Mar 2017) $");
    script_tag(name:"creation_date", value:"2011-06-01 16:32:46 +0200 (Wed, 01 Jun 2011)");
    script_tag(name:"cvss_base", value:"0.0");
    script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
    script_name("Nmap NSE net: qscan");


    script_category(ACT_INIT);
    script_tag(name:"qod_type", value:"remote_analysis");
    script_copyright("NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH");
    script_family("Nmap NSE net");
    script_dependencies("nmap_nse_net.nasl");
    script_mandatory_keys("Tools/Launch/nmap_nse_net");

    script_add_preference(name:"delay", value:"", type:"entry");
    script_add_preference(name:"numtrips", value:"", type:"entry");
    script_add_preference(name:"confidence", value:"", type:"entry");
    script_add_preference(name:"numclosed", value:"", type:"entry");
    script_add_preference(name:"numopen", value:"", type:"entry");

    script_tag(name : "summary" , value : tag_summary);
    exit(0);
}


include("nmap.inc");


phase = 0;
if (defined_func("scan_phase")) {
    phase = scan_phase();
}

if (phase == 1) {
    # Get the preferences
    argv = make_array();

    pref = script_get_preference("delay");
    if (!isnull(pref) && pref != "") {
        argv["delay"] = string('"', pref, '"');
    }
    pref = script_get_preference("numtrips");
    if (!isnull(pref) && pref != "") {
        argv["numtrips"] = string('"', pref, '"');
    }
    pref = script_get_preference("confidence");
    if (!isnull(pref) && pref != "") {
        argv["confidence"] = string('"', pref, '"');
    }
    pref = script_get_preference("numclosed");
    if (!isnull(pref) && pref != "") {
        argv["numclosed"] = string('"', pref, '"');
    }
    pref = script_get_preference("numopen");
    if (!isnull(pref) && pref != "") {
        argv["numopen"] = string('"', pref, '"');
    }
    nmap_nse_register(script:"qscan", args:argv);
} else if (phase == 2) {
    res = nmap_nse_get_results(script:"qscan");
    foreach portspec (keys(res)) {
        output_banner = 'Result found by Nmap Security Scanner (qscan.nse) http://nmap.org:\n\n';
        if (portspec == "0") {
            log_message(data:output_banner + res[portspec], port:0);
        } else {
            v = split(portspec, sep:"/", keep:0);
            proto = v[0];
            port = v[1];
            log_message(data:output_banner + res[portspec], port:port, protocol:proto);
        }
    }
}

07 Mar 2017 00:00Current

7.2High risk

Vulners AI Score7.2