Detecting the Nmap Scanning Engine User Agent

L4 Transporter

Detecting the Nmap Scanning Engine User Agent

Nmap is an open source utility used to scan map networks, and scan for open ports on workstations and servers. During the scripting stage of the network scan, Nmap will attempt to connect using HTTP, and has it's own user agent.

User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)

Nmap does contain the ability to change the user agent to any user agent, the vulnerability will defend off most script kidies and novices. This vulnerability is set to alert so you can monitor your network to make sure there are no false positives.

Please let me know if you have any problems, and I'll try to refine the RegEx.

Not applicable

Re: Detecting the Nmap Scanning Engine User Agent

FYI you are leaking admin (mharding) information in the xml file.  Plus unless that is taken out you can not use the import.  Anyhow it was a good reference as I used it to create mine.  Thanks.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!