Script http-useragent-tester

Script types: portrule
Categories: discovery, safe

Script Summary

Checks if various crawling utilities are allowed by the host.

Script Arguments


A table with more User-Agent headers. Default: nil

httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

See the documentation for the httpspider library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.


See the documentation for the slaxml library.

max-newtargets, newtargets

See the documentation for the target library., http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

Example Usage

nmap -p80 --script http-useragent-tester.nse <host>

This script sets various User-Agent headers that are used by different
utilities and crawling libraries (for example CURL or wget). If the request is
redirected to a page different than a (valid) browser request would be, that
means that this utility is banned.

Script Output

80/tcp open  http    syn-ack
| http-useragent-tester:
|   Status for browser useragent: 200
|   Redirected To:
|   Allowed User Agents:
|     Mozilla/5.0 (compatible; Nmap Scripting Engine;
|     libwww
|     lwp-trivial
|     libcurl-agent/1.0
|     PHP/
|     GT::WWW
|     Snoopy
|     MFC_Tear_Sample
|     HTTP::Lite
|     PHPCrawl
|     URI::Fetch
|     Zend_Http_Client
|     http client
|     PECL::HTTP
|     WWW-Mechanize/1.34
|   Change in Status Code:
|     Python-urllib/2.5: 403
|_    Wget/1.13.4 (linux-gnu): 403



  • George Chatzisofroniou

License: Same as Nmap--See