""ET SCAN Nmap Scripting Engine User-Agent Detected (Nmap Scripting Engine)""

SID: 2009358

Revision: 5

Class Type: web-application-attack

Metadata: created_at 2010_07_30, updated_at 2010_11_22

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

  • Value: "User-Agent|3a| Mozilla/5.0 (compatible|3b| Nmap Scripting Engine"

Within:

PCRE:

Special Options:

  • http_header

  • nocase

source