Nmap Development mailing list archives

[NSE][RFC] Enforcement of maximum HTTP response body size


From: nnposter <nnposter () users sourceforge net>
Date: Wed, 24 Apr 2019 11:01:59 -0600

At present the HTTP library always attempts to retrieve the entire response body, regardless of its size. This can result in accidental or malicious resource exhaustion on the scanner:

[GitHub] "http-config-backup" and servers responding with large garbage files to any request
https://github.com/nmap/nmap/issues/467


I am proposing an implementation of a response body size limit, asking for feedback from the Nmap community. A fairly comprehensive description of the design can be found at

https://github.com/nmap/nmap/pull/1571

Feel free to give the code a spin. You might find that the feature is useful for accelerating existing scripts, by telling Nmap to only retrieve the first 10 or 100 KB, depending on the objective.

Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
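
An added illustration of the idea in the message above, not code from the Nmap HTTP library or from the linked pull request: a body reader in Python that enforces a maximum size for Content-Length, chunked and unframed responses. The names `read_body`, `max_size`, `truncated_ok` and `BodyTooLarge` are chosen for this example only, and the sample responses are constructed.

```python
import io

class BodyTooLarge(Exception):
    """Body exceeds the cap and the caller did not accept truncation."""

def read_body(stream, headers, max_size, truncated_ok=False):
    """Return (body, truncated), never buffering more than max_size bytes.
    `headers` is a dict with lower-case keys (assumption of this example)."""
    def cap_hit():
        if not truncated_ok:
            raise BodyTooLarge(f"body exceeds {max_size} bytes")

    if headers.get("transfer-encoding", "").lower() == "chunked":
        buf = bytearray()
        while True:
            # Chunk-size line: hex length plus optional ";extension".
            # readline(64) also bounds the length of the size line itself.
            size = int(stream.readline(64).split(b";")[0].strip(), 16)
            if size < 0:
                raise ValueError("negative chunk size")
            if size == 0:
                return bytes(buf), False
            room = max_size - len(buf)
            if size > room:
                cap_hit()  # reject before reading the oversized chunk
                return bytes(buf + stream.read(room)), True
            buf += stream.read(size)
            stream.readline(64)  # CRLF terminating the chunk data
    if "content-length" in headers:
        declared = int(headers["content-length"])
        if declared < 0:
            raise ValueError("negative Content-Length")
        if declared > max_size:
            cap_hit()  # decided from the header alone, no body bytes read
            return stream.read(max_size), True
        return stream.read(declared), False
    # No framing: body runs until the connection closes. Read one byte past
    # the cap to tell "exactly max_size" apart from "more is coming".
    data = stream.read(max_size + 1)
    if len(data) > max_size:
        cap_hit()
        return data[:max_size], True
    return data, False

if __name__ == "__main__":
    # Constructed sample: a server answering with 1 MB of filler.
    big = io.BytesIO(b"A" * 1_000_000)
    body, truncated = read_body(big, {"content-length": "1000000"}, 10_240, True)
    print(len(body), truncated)
```

With a declared Content-Length above the cap, the decision is made from the header before any body bytes are read; the chunked and unframed paths can only discover the overrun while reading, so they stop at the cap.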