Home page logo

nmap-dev logo Nmap Development mailing list archives

RE: http-methods & http-trace NSE Script Enhancement Ideas
From: King Thorin <kingthorin () hotmail com>
Date: Fri, 25 May 2012 09:29:07 -0400

Date: Thu, 24 May 2012 13:45:30 -0700
From: david () bamsoftware com
To: kingthorin () hotmail com
CC: nmap-dev () insecure org
Subject: Re: http-methods & http-trace NSE Script Enhancement Ideas

On Wed, May 23, 2012 at 08:17:03AM -0400, King Thorin wrote:

I was just looking through some online docs and some nmap results. I've 
never seen a server that includes public or allow header(s) on a 
redirect response [maybe my experience is limited?]. It seems to me that the http-methods NSE should follow 
redirects (HTTP 301, 302, 303) in order to perform the necessary OPTIONS
 request on a page/resource that's providing a HTTP 200.

Ideally the redirect handling would work the same as the built-in
handling of the http.get and http.head methods. See this earlier


David Fifield

Hi David,

I definitely agree with this idea. Someone else mentioned it yesterday. Unfortunately:
1) I'm not a developer. Though I understand code at a beginner or "maybe" intermediate level and can write some kludgey 
bits I don't write code on a daily basis. Looking at http://nmap.org/nsedoc/lib/http.html yesterday did not clarify 
redirect_ok or MAX_REDIRECT_COUNT for me at all.
2) The existing redirect functionality (based on the thread you linked) only seems to cover get and head not 

3) I've done some intext and site:nmap.org googling looking for existing NSEs that leverage the existing functionality 
but they seem pretty rare and are only get/head based.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]