Nmap Development mailing list archives
Re: [NSE] http-useragent-tester.nse
From: Paulino Calderon <paulino () calderonpale com>
Date: Fri, 26 Jul 2013 12:26:07 -0500
On 07/25/2013 01:10 PM, George Chatzisofroniou wrote:
The attached script sets various User-Agent headers that are used by different ultities and crawling libraries (for example CURL or wget). If a request is redirected to a page different than a (valid) browser request would, that means that this ultity is banned. Here is an example of usage: ./nmap -p80 -n -Pn --script http-useragent-tester.nse some-very-random-page.com -d1 And the output: PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-useragent-tester: | libwww is not allowed: https://www.some-very-random-page.com/unsupportedbrowser | lwp-trivial is allowed. | libcurl-agent/1.0 is not allowed: https://www.some-very-random-page.com/unsupportedbrowser | PHP/ is allowed. | Python-urllib/2.5 is allowed. | GT::WWW is allowed. | Snoopy is allowed. | MFC_Tear_Sample is allowed. | HTTP::Lite is allowed. | PHPCrawl is allowed. | URI::Fetch is allowed. | Zend_Http_Client is allowed. | http client is allowed. | PECL::HTTP is allowed. | Wget/1.13.4 (linux-gnu) is not allowed: https://www.some-very-random-page.com/unsupportedbrowser |_ WWW-Mechanize/1.34 is allowed. Also, a user may use the option 'useragents' to test her own User-Agent headers. PS: The idea of setting various headers to discover anything about the host comes from d33tah, so kudos to him as well. _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Hi,Have you considered including the capability of discovering new hosts with this script? I've encountered web servers that redirect you to different hosts depending on the UserAgent. It would be great to add a check for this and have the library "target" handle it.
Cheers. _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 25)
- Re: [NSE] http-useragent-tester.nse Paulino Calderon (Jul 26)
- Re: [NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 27)
- Re: [NSE] http-useragent-tester.nse Daniel Miller (Jul 27)
- Re: [NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 30)
- Re: [NSE] http-useragent-tester.nse Robin Wood (Jul 30)
- Re: [NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 30)
- Re: [NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 30)
- Re: [NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 27)
- Re: [NSE] http-useragent-tester.nse Paulino Calderon (Jul 26)