Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Check if the service that is going to be scanned speaks HTTP before launching ANY web test #108
I've had a case where non-HTTP services (like SSH) were listening on HTTP ports (i.e. 80, 443). When this happens OWTF gets stuck forever since many of the tools launched will get stuck.
To avoid this, OWTF should be smarter and indicate that "this host does not speak HTTP" or similar and avoid running all the tests afterwards.
This check might perhaps be best implemented as a basic "GET / HTTP/1.1" request that most HTTP sites should have no option other than accept :).
You can use any service that is not HTTP, for example ssh:
You can also experiment like this: