Nmap Development mailing list archives

Re: [NSE] http-useragent-tester.nse

From: Paulino Calderon <paulino () calderonpale com>
Date: Fri, 26 Jul 2013 12:26:07 -0500

On 07/25/2013 01:10 PM, George Chatzisofroniou wrote:

The attached script sets various User-Agent headers that are used by different
ultities and crawling libraries (for example CURL or wget). If a request is
redirected to a page different than a (valid) browser request would, that
means that this ultity is banned.

Here is an example of usage:

./nmap -p80 -n -Pn --script http-useragent-tester.nse some-very-random-page.com -d1

And the output:

  PORT   STATE SERVICE REASON
  80/tcp open  http    syn-ack
  | http-useragent-tester:
  |   libwww is not allowed: https://www.some-very-random-page.com/unsupportedbrowser
  |   lwp-trivial is allowed.
  |   libcurl-agent/1.0 is not allowed: https://www.some-very-random-page.com/unsupportedbrowser
  |   PHP/ is allowed.
  |   Python-urllib/2.5 is allowed.
  |   GT::WWW is allowed.
  |   Snoopy is allowed.
  |   MFC_Tear_Sample is allowed.
  |   HTTP::Lite is allowed.
  |   PHPCrawl is allowed.
  |   URI::Fetch is allowed.
  |   Zend_Http_Client is allowed.
  |   http client is allowed.
  |   PECL::HTTP is allowed.
  |   Wget/1.13.4 (linux-gnu) is not allowed: https://www.some-very-random-page.com/unsupportedbrowser
  |_  WWW-Mechanize/1.34 is allowed.

Also, a user may use the option 'useragents' to test her own User-Agent headers.

PS: The idea of setting various headers to discover anything about the host
comes from d33tah, so kudos to him as well.



_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Hi,

Have you considered including the capability of discovering new hostswith this script? I've encountered web servers that redirect you todifferent hosts depending on the UserAgent. It would be great to add acheck for this and have the library "target" handle it.


Cheers.
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 25)
- Re: [NSE] http-useragent-tester.nse Paulino Calderon (Jul 26)
  - Re: [NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 27)
    - Re: [NSE] http-useragent-tester.nse Daniel Miller (Jul 27)
    - Re: [NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 30)
    - Re: [NSE] http-useragent-tester.nse Robin Wood (Jul 30)
    - Re: [NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 30)
    - Re: [NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 30)
- Re: [NSE] http-useragent-tester.nse George Chatzisofroniou (Aug 10)