Detecting the Nmap Scanning Engine User Agent

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Detecting the Nmap Scanning Engine User Agent

L4 Transporter

Nmap is an open source utility used to scan map networks, and scan for open ports on workstations and servers. During the scripting stage of the network scan, Nmap will attempt to connect using HTTP, and has it's own user agent.

User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)

Nmap does contain the ability to change the user agent to any user agent, the vulnerability will defend off most script kidies and novices. This vulnerability is set to alert so you can monitor your network to make sure there are no false positives.

Please let me know if you have any problems, and I'll try to refine the RegEx.

1 REPLY 1

Not applicable

FYI you are leaking admin (mharding) information in the xml file.  Plus unless that is taken out you can not use the import.  Anyhow it was a good reference as I used it to create mine.  Thanks.

  • 8380 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!