mailing list archives
From: George Chatzisofroniou <sophron () latthi com>
Date: Thu, 25 Jul 2013 21:10:56 +0300
The attached script sets various User-Agent headers that are used by different
ultities and crawling libraries (for example CURL or wget). If a request is
redirected to a page different than a (valid) browser request would, that
means that this ultity is banned.
Here is an example of usage:
./nmap -p80 -n -Pn --script http-useragent-tester.nse some-very-random-page.com -d1
And the output:
PORT STATE SERVICE REASON
80/tcp open http syn-ack
| libwww is not allowed: https://www.some-very-random-page.com/unsupportedbrowser
| lwp-trivial is allowed.
| libcurl-agent/1.0 is not allowed: https://www.some-very-random-page.com/unsupportedbrowser
| PHP/ is allowed.
| Python-urllib/2.5 is allowed.
| GT::WWW is allowed.
| Snoopy is allowed.
| MFC_Tear_Sample is allowed.
| HTTP::Lite is allowed.
| PHPCrawl is allowed.
| URI::Fetch is allowed.
| Zend_Http_Client is allowed.
| http client is allowed.
| PECL::HTTP is allowed.
| Wget/1.13.4 (linux-gnu) is not allowed: https://www.some-very-random-page.com/unsupportedbrowser
|_ WWW-Mechanize/1.34 is allowed.
Also, a user may use the option 'useragents' to test her own User-Agent headers.
PS: The idea of setting various headers to discover anything about the host
comes from d33tah, so kudos to him as well.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
Re: [NSE] http-useragent-tester.nse George Chatzisofroniou (Aug 10)
- [NSE] http-useragent-tester.nse George Chatzisofroniou (Jul 25)