Script http-mobileversion-checker

Script types: portrule
Categories: discovery, safe
Download: https://svn.nmap.org/nmap/scripts/http-mobileversion-checker.nse

Script Summary

Checks if the website holds a mobile version.

See also:

• http-useragent-tester.nse

Script Arguments

newtargets

If this is set, add any newly discovered hosts to nmap scanning queue. Default: nil

httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

See the documentation for the httpspider library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

slaxml.debug

See the documentation for the slaxml library.

max-newtargets

See the documentation for the target library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

Example Usage

nmap -p80 --script http-mobileversion-checker.nse <host>

This script sets an Android User-Agent header and checks if the request
will be redirected to a page different than a (valid) browser request
would be. If so, this page is most likely to be a mobile version of the
app.

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
|_ http-mobileversion-checker: Found mobile version: https://m.some-very-random-website.com (Redirected to a different host)

Requires

• http
• target
• shortport
• httpspider
• stdnse
• url

---

Author:

• George Chatzisofroniou

License: Same as Nmap--See https://nmap.org/book/man-legal.html