Nmap Development mailing list archives
Re: [NSE] False positive - http-huawei-hg5xx-vuln.nse
From: Tom Sellers <nmap () fadedcode net>
Date: Sun, 08 Jul 2012 07:42:17 -0500
On 7/3/2012 9:10 PM, tom () fadedcode net wrote:
The script - http-huawei-hg5xx-vuln.nse [1] - detects a vulnerability in Huawei modem and also performs service detection by checking response to certain HTTP queries. A false positive is generated when it scans a HTTP server that return a 200 response code to every request. Certain devices, such as Cisco ASAs and some Oracle httpd services, tend to do this. You can test this by scanning the HTTPS port on a Cisco ASA that is providing SSL VPN service. You find a couple of these to test with using a Google search [2]. I have attached a patch that will use the http library's identify_404 function and detect httpds that respond with 200 when queried for non-existent documents. There are a couple of other scripts [3] that have a similar problem and I will fix them if the patch passes review. Thank much, Tom Sellers 1. http://nmap.org/nsedoc/scripts/http-huawei-hg5xx-vuln.html 2. allintitle: "SSL VPN Service" 3. http-cakephp-version, http-malware-host, http-method-tamper
I have committed the changes to: http-cakephp-version http-default-accounts https-huawei-hg5xx-vuln ( adjusted again for output consistency ) http-malware-hosts http-method-tamper membase-http-info riak-http-info The change reduces network traffic, false positives, invalid credentials and script output. In my case it restores the ability to search script output when searching data generated against 100k hosts. Thanks much, Tom Sellers _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] False positive - http-huawei-hg5xx-vuln.nse tom () fadedcode net (Jul 04)
- Re: [NSE] False positive - http-huawei-hg5xx-vuln.nse Tom Sellers (Jul 04)
- Re: [NSE] False positive - http-huawei-hg5xx-vuln.nse Tom Sellers (Jul 08)