Re: softmatch for http

[Daniel Miller <bonsaiviking () gmail com>]

On 09/18/2013 02:07 AM, Till Maas wrote:
> I hope that there is a solution to this. So besides maybe adding the
> softmatch to other protocols to allow other probes to be run, maybe it
> can be moved to the end somehow to still find the server to be http,
> when other probes did not match.
Till,

I believe there is now a solution for this. NSE scripts work great for 
checks that depend on or supplement version scan info, and they run 
*after* the version scan has completed. I just checked in a script, 
http-server-header, that should be able to do the kind of detection you 
want. It won't run if -sV already detected some other service (like 
UPnP), but in other cases it sends the GetRequest probe and checks for 
'HTTP/1.[01] \d\d\d', setting the service to "http" and extracting the 
Server: header.

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/