Re: Nmap NSE: Bad Behaviour

["DePriest, Jason R." <jrdepriest () gmail com>]

On Sat, May 31, 2008 at 12:41 AM, Fyodor <fyodor () insecure org> wrote:
> On Fri, May 30, 2008 at 03:26:45PM +0100, jah wrote:
> > So first off, my suggestion to change the user-agent to firefox was
> > tongue-in-cheek - I'm sure that was apparent, but I thought I'd better
> > emphasise it in case it gets misconstrued.
>
> Heh, well I didn't thing it was a terrible idea :).  Sometimes you
> want to be stealthy and blend into the crowd.  But at other times
> there is value in being above-board and stating that we're Nmap NSE
> and damn proud of it!  Right now I think the our http library user
> agent is just "Nmap NSE".  I think we should at least use a more
> standard format.  Here is what Yahoo uses:
>
> Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)
>
> We could use something similar:
>
> Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)
>
> Unless someone has a better idea, I'll change it to this for now.  If
> a bunch of idiots start misunderstanding and thinking it is me trying
> to hack their server just because I host the NSE documentation page,
> the URL is going away.  Or maybe I'll just change it to sco.com or
> microsoft.com :).
>
> I agree that it would be nice to have an NSE option argument to set
> your own user agent.
>
> Cheers,
> -F

For lots of examples: http://www.useragentstring.com/pages/useragentstring.php

Shouldn't the user agent string have a version number in it, too?

And it is really Mozilla/5.0 compatible or are you just trying to make
sure it gives up useful information?

That's a thought.  Some websites change their response based on user
agent.  This may have unforeseen consequences.

-Jason

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org