From 9da75f092090a538d159068aa7cb7acd19d8a2f3 Mon Sep 17 00:00:00 2001 From: Tib3rius <48113936+Tib3rius@users.noreply.github.com> Date: Fri, 1 Mar 2019 19:11:13 -0500 Subject: [PATCH] Fixed typo in port-scan-profile and README.md --- README.md | 6 +++--- port-scan-profiles.toml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index bb736bb..01d2c14 100644 --- a/README.md +++ b/README.md @@ -248,15 +248,15 @@ Here is a more complicated example: [udp.udp-top-20] [udp.udp-top-20.port-scan] - command = 'unicornscan -mU -p 631,161,137,123,138,1434,445,135,67,53,139,500,68,520,1900,4500,514,49152,162,69 {address} 2>&1 | tee "{scandir}/_udp_top20_unicornscan.txt"' + command = 'unicornscan -mU -p 631,161,137,123,138,1434,445,135,67,53,139,500,68,520,1900,4500,514,49152,162,69 {address} 2>&1 | tee "{scandir}/_top_20_udp_unicornscan.txt"' pattern = '^UDP open\s*[\w-]+\[\s*(?P\d+)\].*$' [udp.udp-top-20.service-detection] - command = 'nmap -vv --reason -Pn -sU -A -p {ports} --version-all -oN "{scandir}/_udp_top20_nmap.txt" -oX "{scandir}/_udp_top20_nmap.xml" {address}' + command = 'nmap -vv --reason -Pn -sU -A -p {ports} --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/_top_20_udp_nmap.xml" {address}' pattern = '^(?P\d+)\/(?P(udp))(.*)open(\s*)(?P[\w\-\/]+)(\s*)(.*)$' ``` -In this example, a profile called "udp" defines a scan called "top20". This scan has two commands, one is a port-scan and the other is a service-detection. When a port-scan command is defined, it will always be run first. The corresponding pattern must match a named group "port" which extracts the port number from the output. +In this example, a profile called "udp" defines a scan called "udp-top-20". This scan has two commands, one is a port-scan and the other is a service-detection. When a port-scan command is defined, it will always be run first. The corresponding pattern must match a named group "port" which extracts the port number from the output. The service-detection will be run after the port-scan command has finished, and uses a new reference: {ports}. This reference is a comma-separated string of all the ports extracted by the port-scan command. Note that the same three named groups (port, protocol, and service) are defined in the service-detection pattern. diff --git a/port-scan-profiles.toml b/port-scan-profiles.toml index d93eefe..b983eaf 100644 --- a/port-scan-profiles.toml +++ b/port-scan-profiles.toml @@ -31,9 +31,9 @@ [udp.udp-top-20] [udp.udp-top-20.port-scan] - command = 'unicornscan -mU -p 631,161,137,123,138,1434,445,135,67,53,139,500,68,520,1900,4500,514,49152,162,69 {address} 2>&1 | tee "{scandir}/_udp_top20_unicornscan.txt"' + command = 'unicornscan -mU -p 631,161,137,123,138,1434,445,135,67,53,139,500,68,520,1900,4500,514,49152,162,69 {address} 2>&1 | tee "{scandir}/_top_20_udp_unicornscan.txt"' pattern = '^UDP open\s*[\w-]+\[\s*(?P\d+)\].*$' [udp.udp-top-20.service-detection] - command = 'nmap -vv --reason -Pn -sU -A -p {ports} --version-all -oN "{scandir}/_udp_top20_nmap.txt" -oX "{scandir}/_udp_top20_nmap.xml" {address}' + command = 'nmap -vv --reason -Pn -sU -A -p {ports} --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/_top_20_udp_nmap.xml" {address}' pattern = '^(?P\d+)\/(?P(udp))(.*)open(\s*)(?P[\w\-\/]+)(\s*)(.*)$'