On Fri Jun 24 2005 at 14:28, Jordan Wiens wrote: > That would do it, thanks. Any major drawbacks to HMAP or the > experimental option I should be aware of?
www_fingerprinting_hmap is a bit slow, sometimes uselessly noisy, and it might crash broken web servers, although I tried to make it non intrusive in "safe checks" mode. I discovered that a "POST" request with no data killed an ADSL router. The request is now excluded in "safe checks". It should be possible to make it quicker. I found that some queries are redundant. So I should extract a simplified plugin from it: - less requests - less precise data -- we cannot really know if we have Apache/1.3.18 or 1.3.20, what matters really is that it is Apache/1.3 and not IIS/4 _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
