Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Apache killer (was: [NSE] New script and email update patch)

From: David Fifield <david () bamsoftware com>
Date: Mon, 29 Aug 2011 12:46:15 -0700
On Mon, Aug 29, 2011 at 01:00:44PM +0200, Henri Doreau wrote:

2011/8/29 Duarte Silva <duarte.silva () serializing me>:

Good morning,

new version implementing Henri Doreau sugestions in the attachments.

Regards,
Duarte Silva


I also wonder whether using target.name is the best choice. Maybe
trying (target.targetname or target.ip) would be better? In any case
there is this http-vuln-cve2011-3192.hostname available, which is
good.


You should omit the Host header unless the user overrides it with a
script argument. The http library will automatically fill in what is
most appropriate. See stdnse.get_hostname; it's much like Henri
suggests.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: