How to Make Nmap Recognize New Services
Nmap has been my favorite hacking tool for years. Its accuracy is unchallenged, and it boasts hundreds of scripts that make it vital in every pentest engagement.
Lately, I’ve been working more in the ICS space, developing an OPC UA vulnerability scanner. To my dismay, I noticed that Nmap does not recognize OPC UA services. This makes black-box security testing of this dominant ICS protocol tricky, as OPC UA server vendors are known to use non-standard ports extensively.
Having read the Nmap book, I knew it wouldn’t be too hard to teach it how to detect new services. Having used Nmap for a long time, it was also time to pay back. Therefore, I decided to contribute the protocol detection to the Nmap codebase and write a short tutorial to show how you can do the same for other unrecognized protocols. What follows is that tutorial.
Getting a copy of the codebase
- Create a public fork of the Nmap repository (requires a GitHub account).
- Clone your fork:
git clone <your fork>
- Enter the clone
cd nmap
- Verify your target service is not recognized with the latest probes file (requires nmap):
# The idea is to avoid having to compile Nmap
# by making changes to the nmap-service-probes file
# and…
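As an added example (not code from this article or from the Nmap project), the script below checks a candidate nmap-service-probes entry against a captured response offline, which is a quick sanity check before running the edited file through Nmap's `--servicedb` option. The probes-file fragment, the OPC UA Hello payload and the two responses are constructed for illustration; the OPC UA entry shown is not the one submitted upstream.

```python
"""Offline check that a new nmap-service-probes entry fires on a captured response."""
import re
import struct

# Constructed fragment in nmap-service-probes syntax, for illustration only; it is not
# the entry submitted to Nmap. Payload: an OPC UA Hello for endpoint opc.tcp://localhost.
SAMPLE_PROBES = r"""
Probe TCP OPCUAHello q|HELF\x33\0\0\0\0\0\0\0\0\0\x01\0\0\0\x01\0\0\0\0\0\0\0\0\0\x13\0\0\0opc.tcp://localhost|
rarity 8
ports 4840
match opcua m|^ACKF....\x00\x00\x00\x00|s p/OPC UA server/ i/binary TCP transport/
"""
# Constructed responses: an OPC UA Acknowledge (28-byte header+body) and an HTTP banner.
SAMPLE_ACK = b"ACKF" + struct.pack("<6I", 28, 0, 65536, 65536, 0, 0)
SAMPLE_HTTP = b"HTTP/1.1 200 OK\r\n\r\n"

MATCH_RE = re.compile(r"^(match|softmatch)\s+(\S+)\s+m(.)(.*?)\3([is]*)\s*(.*)$")
FIELD_RE = re.compile(r"\b([pvihod])/([^/]*)/")  # p/product/ v/version/ i/info/ ...


def decode_probe_string(quoted):
    """Turn a q|...| probe payload into the bytes Nmap would send (handles \\n, \\r, \\0, \\xHH)."""
    delim = quoted[1]
    body = quoted[2:quoted.rindex(delim)]
    return body.encode("latin-1").decode("unicode_escape").encode("latin-1")


def parse_match(line):
    """Parse 'match <service> m<d>regex<d>[is] <versioninfo>'; the delimiter must not occur in the regex."""
    m = MATCH_RE.match(line)
    if not m:
        raise ValueError("not a match line: " + line)
    kind, service, _, regex, opts, versioninfo = m.groups()
    flags = (re.I if "i" in opts else 0) | (re.S if "s" in opts else 0)
    return kind, service, re.compile(regex.encode("latin-1"), flags), dict(FIELD_RE.findall(versioninfo))


def parse_probes(text):
    """Group each match/softmatch line under the Probe directive that precedes it (rarity/ports ignored)."""
    probes = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Probe "):
            _, proto, name, payload = line.split(None, 3)
            probes.append({"proto": proto, "name": name, "payload": decode_probe_string(payload), "matches": []})
        elif line.startswith(("match ", "softmatch ")):
            probes[-1]["matches"].append(parse_match(line))
    return probes


def identify(probes, probe_name, response):
    """Return (service, versioninfo) for the first match line of probe_name that fires, else None."""
    for probe in probes:
        if probe["name"] == probe_name:
            for _kind, service, pattern, fields in probe["matches"]:
                if pattern.search(response):  # Nmap also searches; patterns anchor themselves with ^
                    return service, fields
    return None


if __name__ == "__main__":
    probes = parse_probes(SAMPLE_PROBES)
    print(len(probes[0]["payload"]), probes[0]["payload"][:4])  # 51 b'HELF'
    print(identify(probes, "OPCUAHello", SAMPLE_ACK))           # ('opcua', {'p': 'OPC UA server', 'i': 'binary TCP transport'})
    print(identify(probes, "OPCUAHello", SAMPLE_HTTP))          # None
```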