Nmap Development: Re: Correction for nginx match line

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Nmap Development mailing list archives

Re: Correction for nginx match line

From: Sven Klemm <sven () c3d2 de>
Date: Fri, 04 Jan 2008 19:57:39 +0100

Fyodor wrote:

On Mon, Dec 17, 2007 at 05:06:11PM +0100, Sven Klemm wrote:

The applied patch still had a bug in that it wouldn't match every 4xx
code except 400. The patch applied to this mail fixes this.


Thanks for the report.  I've applied this to nmap-service-probes in svn.


Thank you very much for applying. Unfortunately there was still a
minor bug in it which causes the http status code being reported as
version number. The attached patch fixes this.

Cheers

-- 
Sven Klemm
http://cthulhu.c3d2.de/~sven/

Index: nmap-service-probes
===================================================================
--- nmap-service-probes (revision 6668)
+++ nmap-service-probes (working copy)
@@ -4520,7 +4520,7 @@
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: BlueCoat-Security-Appliance\r\n|s p/BlueCoat http proxy/
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nProxy-agent: BlueCoat-WinProxy\r\n| p/BlueCoat WinProxy http proxy/ 
o/Windows/
 match http-proxy m|^HTTP/1\.0 200 Connection established\r\nPragma: no-cach\r\nContent-Type: text/html; 
charset=windows-1251\r\n\r\n$| p/UserGate http proxy/ o/Windows/
-match http-proxy m!^HTTP/1\.1 ([1235]\d\d|4(\d[1-9]|[1-9]\d)) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx http proxy/ 
v/$1/
+match http-proxy m!^HTTP/1\.1 ([1235]\d\d|4(\d[1-9]|[1-9]\d)) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx http proxy/ 
v/$3/
 match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: Simple, Secure Web Server ([\d.]+)\r\n|s p/Symantec firewall http 
proxy/ i/Simple, Secure Web Server $1/ d/firewall/
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nContent-Length: \d+\r\n.*\r\n\r\n.*<B>KEN! Proxy</B>|s p/AVM KEN! http 
proxy/
 match http-proxy m|^HTTP/1\.0 400 Bad request\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<H4><font 
COLOR=\"#FF0000\">Error parsing http request : </font></H2><p><pre>GET / / HTTP/1\.0\r\n\r\n</pre>| p/Kerio Winroute 
Pro http proxy/ o/Windows/

Attachment: signature.asc
Description: OpenPGP digital signature


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

By Date By Thread

Current thread:

Re: Correction for nginx match line Sven Klemm (Jan 04)
- Re: Correction for nginx match line Fyodor (Jan 04)