Nmap Development: Correction for nginx match line

From: Sven Klemm <sven_at_c3d2.de>
Date: Mon, 17 Dec 2007 16:54:54 +0100

Hi

nmap improperly detects nginx over ssl as http-proxy when doing
service scan. The reason for this is that nginx answers with HTTP 400
Bad Request when it receives HTTP Requests on HTTPS ports. The
attached patch adjusts the match line so that nginx over ssl will be
properly detected as ssl/http-proxy.

Result with patch:

sven:~/code/nmap> nmap -p 80,443 23.23.23.23 -sV

Starting Nmap 4.50 ( http://insecure.org ) at 2007-12-17 16:45 CET
Interesting ports on 23.23.23.23:
PORT STATE SERVICE VERSION
80/tcp open http-proxy nginx http proxy 0.5.30
443/tcp open ssl/http-proxy nginx http proxy 0.5.30

Cheers
Sven

Index: nmap-service-probes
===================================================================
--- nmap-service-probes (revision 6557)
+++ nmap-service-probes (working copy)
@@ -4521,7 +4521,7 @@
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: BlueCoat-Security-Appliance\r\n|s p/BlueCoat http proxy/
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nProxy-agent: BlueCoat-WinProxy\r\n| p/BlueCoat WinProxy http proxy/ o/Windows/
 match http-proxy m|^HTTP/1\.0 200 Connection established\r\nPragma: no-cach\r\nContent-Type: text/html; charset=windows-1251\r\n\r\n$| p/UserGate http proxy/ o/Windows/
-match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: nginx/([\d.]+)\r\n| p/nginx http proxy/ v/$1/
+match http-proxy m!^HTTP/1\.1 ([1235]\d\d|4([1-9]\d|0[1-9])) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx http proxy/ v/$3/
 match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: Simple, Secure Web Server ([\d.]+)\r\n|s p/Symantec firewall http proxy/ i/Simple, Secure Web Server $1/ d/firewall/
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nContent-Length: \d+\r\n.*\r\n\r\n.*<B>KEN! Proxy</B>|s p/AVM KEN! http proxy/
 match http-proxy m|^HTTP/1\.0 400 Bad request\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<H4><font COLOR=\"#FF0000\">Error parsing http request : </font></H2><p><pre>GET / / HTTP/1\.0\r\n\r\n</pre>| p/Kerio Winroute Pro http proxy/ o/Windows/
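
Review bot: On the added nginx line, both new parenthesised groups are capturing, which is why the version reference had to move from v/$1/ to v/$3/. If the matcher accepts Perl-style non-capturing groups, writing the status test as (?:[1235]\d\d|4(?:[1-9]\d|0[1-9])) would keep v/$1/ and stop a later edit to the status pattern from silently shifting the version capture. The new pattern also rejects more than 400: a first digit of 0 or 6-9 matched the old \d\d\d and no longer matches, and an nginx reply of 400 on a plain HTTP port now falls through this line with no replacement match visible in the hunk. A comment above the line stating why 400 is excluded (nginx answers 400 Bad Request to plain HTTP sent to an HTTPS port) would help the next maintainer.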

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Received on Dec 17 2007
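
The effect of the changed match line on constructed server replies, as an added example that is not part of the original post or of Nmap. The two patterns are transcribed from the patch; running them with Python's re module instead of Nmap's own matcher is an assumption, and the helper names and sample banners are made up for illustration.

```python
import re

# Patterns transcribed from the removed (-) and added (+) nginx lines of the patch.
# Assumption: Python's re on bytes stands in for Nmap's own matcher.
OLD = re.compile(rb"^HTTP/1\.1 \d\d\d .*\r\nServer: nginx/([\d.]+)\r\n")
NEW = re.compile(
    rb"^HTTP/1\.1 ([1235]\d\d|4([1-9]\d|0[1-9])) .*\r\nServer: nginx/([\d.]+)\r\n"
)
OLD_VERSION_GROUP = 1  # v/$1/ in the old line
NEW_VERSION_GROUP = 3  # v/$3/ in the new line


def banner(status, reason="Reason"):
    """Constructed nginx-style reply; not captured from a real server."""
    return (b"HTTP/1.1 %d %s\r\nServer: nginx/0.5.30\r\n"
            b"Content-Type: text/html\r\n\r\n" % (status, reason.encode()))


def version(pattern, group, data):
    """Return the nginx version the pattern extracts, or None if it does not match."""
    m = pattern.search(data)
    return m.group(group).decode() if m else None


def old_version(data):
    return version(OLD, OLD_VERSION_GROUP, data)


def new_version(data):
    return version(NEW, NEW_VERSION_GROUP, data)


def dropped_statuses():
    """Status codes 100-999 matched by the old line but not by the new one."""
    return [s for s in range(100, 1000)
            if old_version(banner(s)) and not new_version(banner(s))]


if __name__ == "__main__":
    plain_http_to_tls_port = banner(400, "Bad Request")
    print("old, 400:", old_version(plain_http_to_tls_port))
    print("new, 400:", new_version(plain_http_to_tls_port))
    print("new, 200:", new_version(banner(200, "OK")))
    d = dropped_statuses()
    print("dropped:", d[0], "and", d[1], "to", d[-1])
```

The dropped set is 400 plus every code from 600 to 999, so the new line is slightly narrower than "everything except 400".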