[PATCH] HEAD and POST support in http.lua

["Rob Nicholls" <robert () everythingeverything co uk>]

I noticed that http.lua doesn't appear to support HEAD or POST requests.
The former would be useful from a performance point of view if you only
care about the status code; the latter could be used for things like brute
force login scripts. Sure, you could use comm.exchange, but it's not as
nice to work with.

So... I've attached a patch for http.lua that adds support for HEAD and
POST requests (http.head and http.post, to go with http.get). Opinions and
suggestions are welcome, especially as I'm new to LUA and because I've
been modifying other people's code and I don't want to step on any toes.

I've attached a test script that demonstrates how the new http.post
function works. The http.head function is basically the same as http.get.

I've also attached an updated version of my http-enum script, which now
uses HEAD (where properly supported by the server) instead of GET in an
attempt to improve performance, and potentially enumerates
files/directories where the server returns 200 instead of 404 (but I
haven't actually tested this bit yet as I need to find/configure a server
that's setup like that). This script uses the http.head function so you'll
need to apply the patch to http.lua to get it to work.

Rob

Attachment: http.lua_head_and_post.diff
Description:

Attachment: http-post-test.nse
Description:

Attachment: http-enum.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org