Detection of Gemini server software

Anna “CyberTailor” cyber at sysrq.in
Tue Jun 29 09:12:32 BST 2021

Previous message (by thread): Gemini Digest, Vol 23, Issue 48 - gemlog.blue
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The specification leaves error messages in response field "meta" to
servers' developers. So in response to malfored request servers may
send "59 invalid request", "59 Error parsing URL!", "59 Invalid URL"
or something else.

Is it a security issue or just "creepy"?

Potential attackers can't detect vulnerable software versions using
this method, only its name. Also there aren't any known security flaws
except that naughty ".."

**

Bonus: nmap can be learned to detect gemini servers:
https://nmap.org/book/vscan-community.html

If you are interested, post your server's fingerprint here:
https://nmap.org/cgi-bin/submit.cgi?new-service

Previous message (by thread): Gemini Digest, Vol 23, Issue 48 - gemlog.blue
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Gemini mailing list