https://live.paloaltonetworks.com/t5/automation-api-discussions/detecting-the-nmap-scanning-engine-user-agent/m-p/16531#M437 <HTML><HEAD></HEAD><BODY><P>Nmap is an open source utility used to scan map networks, and scan for open ports on workstations and servers. During the scripting stage of the network scan, Nmap will attempt to connect using HTTP, and has it's own user agent.</P><P></P><PRE __default_attr="plain" __jive_macro_name="code" class="jive_text_macro jive_macro_code">User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; <A href="http://nmap.org/book/nse.html">http://nmap.org/book/nse.html</A>)</PRE><P></P><P>Nmap does contain the ability to change the user agent to any user agent, the vulnerability will defend off most script kidies and novices. This vulnerability is set to alert so you can monitor your network to make sure there are no false positives.</P><P></P><P>Please let me know if you have any problems, and I'll try to refine the RegEx.</P></BODY></HTML> Wed, 25 Aug 2010 18:50:51 GMT mharding 2010-08-25T18:50:51Z https://live.paloaltonetworks.com/t5/automation-api-discussions/detecting-the-nmap-scanning-engine-user-agent/m-p/16531#M437 <HTML><HEAD></HEAD><BODY><P>Nmap is an open source utility used to scan map networks, and scan for open ports on workstations and servers. During the scripting stage of the network scan, Nmap will attempt to connect using HTTP, and has it's own user agent.</P><P></P><PRE __default_attr="plain" __jive_macro_name="code" class="jive_text_macro jive_macro_code">User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; <A href="http://nmap.org/book/nse.html">http://nmap.org/book/nse.html</A>)</PRE><P></P><P>Nmap does contain the ability to change the user agent to any user agent, the vulnerability will defend off most script kidies and novices. This vulnerability is set to alert so you can monitor your network to make sure there are no false positives.</P><P></P><P>Please let me know if you have any problems, and I'll try to refine the RegEx.</P></BODY></HTML> Wed, 25 Aug 2010 18:50:51 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/detecting-the-nmap-scanning-engine-user-agent/m-p/16531#M437 mharding 2010-08-25T18:50:51Z https://live.paloaltonetworks.com/t5/automation-api-discussions/detecting-the-nmap-scanning-engine-user-agent/m-p/16532#M438 <HTML><HEAD></HEAD><BODY><P>FYI you are leaking admin (mharding) information in the xml file.&nbsp; Plus unless that is taken out you can not use the import.&nbsp; Anyhow it was a good reference as I used it to create mine.&nbsp; Thanks.</P></BODY></HTML> Thu, 22 Mar 2012 20:09:19 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/detecting-the-nmap-scanning-engine-user-agent/m-p/16532#M438 odonnek 2012-03-22T20:09:19Z