Nmap Development mailing list archives
[NSE][RFC] Enforcement of maximum HTTP response body size
From: nnposter <nnposter () users sourceforge net>
Date: Wed, 24 Apr 2019 11:01:59 -0600
At present the HTTP library always attempts to retrieve the entire response body, regardless of its size. This can result in accidental or malicious resource exhaustion on the scanner:
[GitHub] "http-config-backup" and servers responding with large garbage files to any request
https://github.com/nmap/nmap/issues/467I am proposing an implementation of a response body size limit, asking for feedback from the Nmap community. A fairly comprehensive description of the design can be found at
https://github.com/nmap/nmap/pull/1571Feel free to give the code a spin. You might find that the feature is useful for accelerating existing scripts, by telling Nmap to only retrieve the first 10 or 100 KB, depending on the objective.
Cheers, nnposter _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE][RFC] Enforcement of maximum HTTP response body size nnposter (Apr 24)
- Re: [NSE][RFC] Enforcement of maximum HTTP response body size nnposter (May 21)