Nmap Development mailing list archives

http-methods.nse implementation

From: Josh Amishav-Zlatin <jamuse () gmail com>
Date: Tue, 8 Mar 2011 15:33:48 +0200

The http-methods.nse script bases its checks off of a response to a
request using the OPTIONS method. If, for example, the server has
OPTIONS disabled, but PUT, TRACE and DELETE enabled, the script
running with http-methods.retest enabled wont find an of those
methods. The script exits if no Allow or Public headers are found in
response to an OPTIONS request. Would it make more sense for the
script to have a base list of methods that it checks for regardless of
whether OPTIONS is enabled or not and then appends that list based on
the results of an OPTIONS request?

--
 - Josh
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

http-methods.nse implementation Josh Amishav-Zlatin (Mar 08)
- Re: http-methods.nse implementation Rob Nicholls (Mar 08)
  - Re: http-methods.nse implementation Vlatko Kosturjak (Mar 08)
    - Re: http-methods.nse implementation Toni Ruottu (Mar 08)
    - Re: http-methods.nse implementation Rob Nicholls (Mar 08)
    - Re: http-methods.nse implementation Josh Amishav-Zlatin (Mar 08)