Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-useragent-tester.nse
From: George Chatzisofroniou <sophron () latthi com>
Date: Sat, 27 Jul 2013 21:35:18 +0300

Hi Paulino,

On Fri, Jul 26, 2013 at 12:26:07PM -0500, Paulino Calderon wrote:
Have you considered including the capability of discovering new
hosts with this script? 

That's a good addition. The script now checks if the returned location 
lies outside the target host. If it is, the target library adds the new
discovered target to Nmap scan queue.

I've encountered web servers that redirect
you to different hosts depending on the UserAgent. 

I was thinking about cases in which this could happen. I came up with two:

- Hosts that detect headers from crawling libraries/ultities and ban
  these clients. That's what the current script is checking.

- Hosts that hold a mobile version of the site and redirect the clients
  to this version. I'll post a script that checks this soon.

If anyone knows more cases, please let me know. Maybe we will come up with new
script ideas.

George Chatzisofroniou
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]