Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Apache killer (was: [NSE] New script and email update patch)

From: Duarte Silva <duarte.silva () serializing me>
Date: Mon, 29 Aug 2011 21:16:58 +0100
Hi,

should this script be considered intrusive? Its such low profile that it 
doesn't seem to make sense.

New version in the attachments, regards,
Duarte Silva

On Monday 29 August 2011 20:46:15 David Fifield wrote:

On Mon, Aug 29, 2011 at 01:00:44PM +0200, Henri Doreau wrote:

2011/8/29 Duarte Silva <duarte.silva () serializing me>:

Good morning,

new version implementing Henri Doreau sugestions in the attachments.

Regards,
Duarte Silva


I also wonder whether using target.name is the best choice. Maybe
trying (target.targetname or target.ip) would be better? In any case
there is this http-vuln-cve2011-3192.hostname available, which is
good.


You should omit the Host header unless the user overrides it with a
script argument. The http library will automatically fill in what is
most appropriate. See stdnse.get_hostname; it's much like Henri
suggests.

David Fifield

Attachment: http-vuln-cve2011-3192.nse
Description:

Attachment: smime.p7s
Description: 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: