Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

start reworking interface of software framework. working apart from detect-webapps.bro, which direcly manipulates a no longer available interface...

Browse source
This commit is contained in:
Bernhard Amann 2011-12-08 15:27:47 -08:00
parent 311cd1b116
commit dcc7fe3c38
7 changed files with 124 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/policy/protocols/ssh/software.bro
View file

@ -16,14 +16,12 @@ event ssh_client_version(c: connection, version: string) &priority=4
{
# Get rid of the protocol information when passing to the software framework.
local cleaned_version = sub(version, /^SSH[0-9\.\-]+/, "");
local si = Software::parse(cleaned_version, c$id$orig_h, CLIENT);
Software::found(c$id, si);
Software::found([$id=c$id, $banner=cleaned_version, $host=c$id$orig_h, $sw_type=CLIENT]);
}
event ssh_server_version(c: connection, version: string) &priority=4
{
# Get rid of the protocol information when passing to the software framework.
local cleaned_version = sub(version, /SSH[0-9\.\-]{2,}/, "");
local si = Software::parse_with_port(cleaned_version, c$id$resp_h, c$id$resp_p, SERVER);
Software::found(c$id, si);
Software::found([$id=c$id, $banner=cleaned_version, $host=c$id$resp_h, $host_p=c$id$resp_p, $sw_type=SERVER]);
}