Nmap Development mailing list archives
Re: Apache killer 3192
From: Adrian Coelho <adrian.coelho () gmail com>
Date: Mon, 12 Sep 2011 06:09:07 -0700
hi, the scripts works for port 80. It detects if a server is vulnerable to Apache Killer. For port 443, iI get the following error.... *Initiating NSE at 15:33 NSE: Setting the host name to 'x.x.x.x' since 'http-vuln-cve2011-3192.hostname' argument is missing. NSE: http-vuln-cve2011-3192 against x.x.x.x:443 threw an error! .../local/share/nmap/scripts/http-vuln-cve2011-3192.nse:86: variable 'script_opts' is not declared stack traceback: [C]: in function 'error' /usr/local/share/nmap/nselib/strict.lua:69: in function </usr/local/share/nmap/nselib/strict.lua:60> .../local/share/nmap/scripts/http-vuln-cve2011-3192.nse:86: in function <.../local/share/nmap/scripts/http-vuln-cve2011-3192.nse:41> (tail call): ? Completed NSE at 15:33, 0.02s elapsed Completed NSE at 15:33, 0.02s elapsed Nmap scan report for Host is up, received syn-ack (0.0089s latency). Scanned at 2011-09-12 15:33:40 BST for 2s PORT STATE SERVICE REASON 80/tcp filtered http no-response 443/tcp open https syn-ack Final times for host: srtt: 8850 rttvar: 6639 to: 100000 NSE: Starting runlevel 1 (of 1) scan. Read from /usr/local/share/nmap: nmap-payloads nmap-services. Nmap done: 1 IP address (1 host up) scanned in 2.66 seconds Raw packets sent: 9 (372B) | Rcvd: 2 (88B) * any help? On Mon, Sep 12, 2011 at 3:47 AM, Henri Doreau <henri.doreau () greenbone net>wrote:
2011/9/12 Adrian Coelho <adrian.coelho () gmail com>:Hi, I tried the apache killer script on few webservers running https(443/tcp) and it was not able to determine if the server is vulnerable or not? Am I missing something or does the script need some tweaking?Regards, Adrian CoelhoHello, Not sure what happened there... what do you mean by "not able to determine"? If you get no output it's likely that your target isn't vulnerable, as by default the script won't display anything if the target isn't vulnerable, in order to avoid bloating the output. There might also be a problem with the script though. Can you try to run it with debug mode enabled (-d)? That should give you much more information about what actually happens. Regards. -- Henri
-- Thanks, Adrian _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Apache killer 3192 Adrian Coelho (Sep 12)
- Re: Apache killer 3192 Henri Doreau (Sep 12)
- Re: Apache killer 3192 Adrian Coelho (Sep 12)
- Re: Apache killer 3192 Henri Doreau (Sep 12)
- Re: Apache killer 3192 Adrian Coelho (Sep 12)
- Re: Apache killer 3192 Henri Doreau (Sep 12)
- Re: Apache killer 3192 John Bond (Sep 12)
- Re: Apache killer 3192 Adrian Coelho (Sep 12)
- Re: Apache killer 3192 Duarte Silva (Sep 13)
- Re: Apache killer 3192 Adrian Coelho (Sep 12)
- Re: Apache killer 3192 Henri Doreau (Sep 12)