Skip to main content

Web scanning / weird HTTP headers

So there I was, scanning the web with a little Python script, looking for servers and other connected devices (you know, typical Tuesday night stuff) when I found a response that had an HTTP header with the key "X-hacker".

I've never seen that one before so I opened it up to see what the value was, thinking that surely it'll be something awesome...
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
That's right. They're in our meetups, and discussion boards, and now recruiters are even lurking in HTTP headers.


To anyone interested in the scanning script, it's basically a modified version of this: https://gist.github.com/wybiral/8529a14092fef7e31a1c82eb65d36c60. You need a MongoDB instance for it to insert the scans into. Then you can query that MongoDB instance. I use a small web interface that groups them for quick statistics on common responses, popular server versions, etc. Yes, you'd have much better performance if you put something like ZMap in front of a parser, but this works well enough for my needs. Don't do anything I wouldn't do.

Comments

Popular posts from this blog

Procedural music with PyAudio and NumPy

Combining two of my favorite pastimes, programming and music... This is the hacky "reduced to it's basic components" version of a library I've been working on for generating music and dealing with music theory.

Tweaking the harmonics by changing the shape of the harmonic components and ratios can produce some interesting sounds. This one only uses sine waveforms, but a square / saw generator is trivial with numpy.

It takes a second to generate, so don't turn your volume up too loud in anticipation (it may be loud).

import math
import numpy
import pyaudio
import itertools
from scipy import interpolate
from operator import itemgetter


class Note:

NOTES = ['c','c#','d','d#','e','f','f#','g','g#','a','a#','b']

def __init__(self, note, octave=4):
self.octave = octave
if isinstance(note, int):
self.index = note
self.note = Note.NOTES[note]
elif isinstance(note, st…

Build a Feed Reader in Python (Parts 7-9)

Part 07 Adding Jinja2 templates to a flask web application.

 Part 08 Adding static files so we can serve some CSS to style our app.

Part 09 Adding a background task to continuously update the articles while the application is running.

Write a Feed Reader in Python

I just started a new video tutorial series. This time it'll cover the entire process of writing an RSS feed reader in Python from start to finish using the feedparser module, flask, and SQLAlchemy. Expect to see about 3-4 new videos a week until this thing is finished!
Click to watch