Nmap Development mailing list archives
[PATCH] Change classification of nginx from http-proxy to http
From: Sven Klemm <sven () c3d2 de>
Date: Mon, 08 Sep 2008 14:51:20 +0200
Hi,currently nginx is classified as http-proxy even though it is not really a http proxy but a web server with reverse proxy capabilities similar to apache. The attached patch changes the classification to http. I put the matchline below the Apache ones because according to Netcraft it's the third most popular web server.
See http://en.wikipedia.org/wiki/Nginx for more information. Any objections to this change? Cheers, Sven -- Sven Klemm http://cthulhu.c3d2.de/~sven/
Index: nmap-service-probes =================================================================== --- nmap-service-probes (revision 10026) +++ nmap-service-probes (working copy) @@ -3536,6 +3536,8 @@ match http m|^HTTP/1\.[01] \d\d\d.*\r\nServer: Apache[- ]Coyote/(\d[-\d.]+)\r\n|s p|Apache Tomcat/Coyote JSP engine| v|$1| match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Apache/([\w-_.]+) Ben-SSL/([\w-_.]+) \(Unix\)\r\n|s p/Apache httpd/ v/$1/ i/Ben-SSL $1/ o/Unix/ +match http m!^HTTP/1\.1 ([1235]\d\d|4(\d[1-9]|[1-9]\d)) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx web server/ v/$3/ + match http m|^HTTP/1\.1.*\r\nServer: Netscape-Enterprise/([-.\w]+)\r\n| p/Netscape Enterprise httpd/ v/$1/ # Citrix NFuse 2.0 on MS IIS 5.0 match http m|^HTTP/1\.[01].*\r\nServer: Microsoft-IIS/([-.\w]+)\r\n.*\r\nContent-Location: http://[^/]+/nfuse.htm\r\n.*\r\n---- NFuse ([-.\w]+) \(Build |s p/Citrix NFuse/ v/$2/ i/Microsoft IIS $1/ o/Windows/ @@ -4978,7 +4980,6 @@ match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: BlueCoat-Security-Appliance\r\n|s p/BlueCoat http proxy/ match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nProxy-agent: BlueCoat-WinProxy\r\n| p/BlueCoat WinProxy http proxy/ o/Windows/ match http-proxy m|^HTTP/1\.0 200 Connection established\r\nPragma: no-cach\r\nContent-Type: text/html; charset=windows-1251\r\n\r\n$| p/UserGate http proxy/ o/Windows/ -match http-proxy m!^HTTP/1\.1 ([1235]\d\d|4(\d[1-9]|[1-9]\d)) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx http proxy/ v/$3/ match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: Simple, Secure Web Server ([\d.]+)\r\n|s p/Symantec firewall http proxy/ i/Simple, Secure Web Server $1/ d/firewall/ match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nContent-Length: \d+\r\n.*\r\n\r\n.*<B>KEN! Proxy</B>|s p/AVM KEN! http proxy/ match http-proxy m|^HTTP/1\.0 400 Bad request\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<H4><font COLOR=\"#FF0000\">Error parsing http request : </font></H2><p><pre>GET / / HTTP/1\.0\r\n\r\n</pre>| p/Kerio Winroute Pro http proxy/ o/Windows/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] Change classification of nginx from http-proxy to http Sven Klemm (Sep 08)