Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Nmap NSE: Bad Behaviour
From: Fyodor <fyodor () insecure org>
Date: Fri, 30 May 2008 16:41:35 -0700

On Fri, May 30, 2008 at 03:26:45PM +0100, jah wrote:

So first off, my suggestion to change the user-agent to firefox was
tongue-in-cheek - I'm sure that was apparent, but I thought I'd better
emphasise it in case it gets misconstrued.

Heh, well I didn't thing it was a terrible idea :).  Sometimes you
want to be stealthy and blend into the crowd.  But at other times
there is value in being above-board and stating that we're Nmap NSE
and damn proud of it!  Right now I think the our http library user
agent is just "Nmap NSE".  I think we should at least use a more
standard format.  Here is what Yahoo uses:

Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)

We could use something similar:

Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)

Unless someone has a better idea, I'll change it to this for now.  If
a bunch of idiots start misunderstanding and thinking it is me trying
to hack their server just because I host the NSE documentation page,
the URL is going away.  Or maybe I'll just change it to sco.com or
microsoft.com :).

I agree that it would be nice to have an NSE option argument to set
your own user agent.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]