Home page logo

nmap-dev logo Nmap Development mailing list archives

http-methods.nse implementation
From: Josh Amishav-Zlatin <jamuse () gmail com>
Date: Tue, 8 Mar 2011 15:33:48 +0200

The http-methods.nse script bases its checks off of a response to a
request using the OPTIONS method. If, for example, the server has
OPTIONS disabled, but PUT, TRACE and DELETE enabled, the script
running with http-methods.retest enabled wont find an of those
methods. The script exits if no Allow or Public headers are found in
response to an OPTIONS request. Would it make more sense for the
script to have a base list of methods that it checks for regardless of
whether OPTIONS is enabled or not and then appends that list based on
the results of an OPTIONS request?

 - Josh
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]