Nmap Development mailing list archives

Re: http-wp-enum.nse - Wordpress user enumeration

From: Hani Benhabiles <kroosec () gmail com>
Date: Tue, 5 Jul 2011 02:44:58 +0100

Hey Paulino,

On Tue, Jul 5, 2011 at 4:23 AM, Paulino Calderon
<paulino () calderonpale com>wrote:

Hi nmap-dev,

I noticed some WAF's are blocking requests when using Nmap's default user
agent. If you see http errors with status 501, try changing the user agent
for the requests.


I remember talking about this point before [1]. The unique NSE user-agent is
easily blocked. I still believe that the best default value for http
library's user agent is one matching a common web browser (Firefox on
Windows 7 for instance) or at least a blank user agent.

Hani

[1] http://seclists.org/nmap-dev/2011/q1/967
-- 
M. Hani Benhabiles
Twitter: @kroosec
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

http-wp-enum.nse - Wordpress user enumeration Paulino Calderon (Jul 04)
- Re: http-wp-enum.nse - Wordpress user enumeration Hani Benhabiles (Jul 04)
- Re: http-wp-enum.nse - Wordpress user enumeration Paulino Calderon (Jul 04)