echoserv.py

#!/usr/bin/env python3

import sys

from twisted.internet.protocol import Protocol, Factory
from twisted.internet import reactor

class Scream(Protocol):
    flag = b'123'

    def dataReceived(self, data):
        if data == b'oh, hello':
            self.transport.write(b'AAAAAAAA' + self.flag)
        else:
            self.transport.write(b'nope')

if __name__ == '__main__':
    port = int(sys.argv[1])
    f = Factory()
    f.protocol = Scream
    reactor.listenTCP(port, f)
    reactor.run()

foo.nse

local nmap = require "nmap"

-- called to determine whether we should run the action on this port
portrule = function(host, port)
    return port.protocol == "tcp"
            and port.number >= 12345 and port.number <= 12350
            and port.state == "open"
end

-- called when we've found a host/port to test
action = function(host, port)
    local response
    local data

    local socket = nmap.new_socket()

    local try = nmap.new_try(function() socket:close() end)
    try(socket:connect(host, port))
    try(socket:send("oh, hello"))

    response, data = socket:receive()

    if not response then
      return nil
    end

    if data:sub(1,8) == "AAAAAAAA" then
      local flag = data:sub(9)
      return "Found a FooBar 5000. flag=" .. flag
    end

    return nil
end