Nmap Development mailing list archives
Re: Nmap NSE: Bad Behaviour
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Mon, 9 Jun 2008 22:44:31 +0100
On Sat, May 31, 2008 at 12:41 AM, Fyodor <fyodor () insecure org> wrote:
On Fri, May 30, 2008 at 03:26:45PM +0100, jah wrote:So first off, my suggestion to change the user-agent to firefox was tongue-in-cheek - I'm sure that was apparent, but I thought I'd better emphasise it in case it gets misconstrued.Heh, well I didn't thing it was a terrible idea :). Sometimes you want to be stealthy and blend into the crowd. But at other times there is value in being above-board and stating that we're Nmap NSE and damn proud of it! Right now I think the our http library user agent is just "Nmap NSE". I think we should at least use a more standard format. Here is what Yahoo uses: Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp) We could use something similar: Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html) Unless someone has a better idea, I'll change it to this for now. If a bunch of idiots start misunderstanding and thinking it is me trying to hack their server just because I host the NSE documentation page, the URL is going away. Or maybe I'll just change it to sco.com or microsoft.com :). I agree that it would be nice to have an NSE option argument to set your own user agent. Cheers, -F
For lots of examples: http://www.useragentstring.com/pages/useragentstring.php Shouldn't the user agent string have a version number in it, too? And it is really Mozilla/5.0 compatible or are you just trying to make sure it gives up useful information? That's a thought. Some websites change their response based on user agent. This may have unforeseen consequences. -Jason _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap NSE: Bad Behaviour jah (May 29)
- Re: Nmap NSE: Bad Behaviour Brandon Enright (May 29)
- Re: Nmap NSE: Bad Behaviour Kris Katterjohn (May 29)
- Re: Nmap NSE: Bad Behaviour Kris Katterjohn (May 29)
- Re: Nmap NSE: Bad Behaviour bensonk (May 29)
- Re: Nmap NSE: Bad Behaviour jah (May 30)
- Re: Nmap NSE: Bad Behaviour Fyodor (May 30)
- Re: Nmap NSE: Bad Behaviour DePriest, Jason R. (Jun 09)
- Re: Nmap NSE: Bad Behaviour Kris Katterjohn (May 29)
- Re: Nmap NSE: Bad Behaviour Brandon Enright (May 29)