Nmap Development mailing list archives
NSE Script http-methods.nse, WAS: NSE script HTTPallowedMethods.nse
From: Bernd Stroessenreuther <berny1 () users sourceforge net>
Date: Tue, 12 Jan 2010 22:21:28 +0100
Hi David,

Thank you for your ideas.
> Thanks for writing! Sorry for taking so long to respond. Can you tell us more about how this script is useful to you?
E.g., if you want to see whether everything on your network is as it should be, you might want to use nmap. If nmap tells you there is an open port 80 on a machine you use as a webserver, normally you don't worry about this. But maybe someone made a misconfiguration on the webserver and enabled WebDAV; then maybe you should worry, because now your content is writeable. This script is able to find out the difference. Normally it reports only the methods GET,HEAD,POST,OPTIONS,TRACE, but with WebDAV enabled it reports additional methods like PROPFIND, DELETE, ... But sometimes this is a false positive, because the admin allows the additional methods of WebDAV only for certain users or from some IP addresses. That's what the retest is for. Or maybe the security policy in your company is to generally have TRACE disabled. With this script you can quickly verify it is.
> I tried it and hit a little bug:
>
> $ ./nmap --datadir . --script=HTTPallowedMethods.nse -p 80 -d www.bamsoftware.com
> Initiating NSE at 11:49
> NSE: NSE Script Threads (1) running:
> NSE: Starting HTTPallowedMethods against 69.164.193.231:80.
> NSE: HTTPallowedMethods.nse: HTTP Status for OPTIONS is 301 Moved Permanently
> NSE: HTTPallowedMethods against 69.164.193.231:80 threw an error!
> ./scripts/HTTPallowedMethods.nse:114: attempt to concatenate local 'methods' (a nil value)
> stack traceback:
>         ./scripts/HTTPallowedMethods.nse:114: in function <./scripts/HTTPallowedMethods.nse:67>
>         (tail call): ?
>
> My web server is returning a 301 redirect for requests without a Host header. The response doesn't contain an Allow header so the variable is left nil.
Is fixed now. 403 did cause similar problems.
> Some ideas for the script: You should rename it to fit the model of other scripts; http-methods.nse perhaps.
Done.
> Do you think it's a good idea to retest all the methods by default?
By default no retest is done. You have to ask for retests by a script option.
> The script args should have names based on the name of the script, like http-methods.retest and http-methods.url.
I tried these names, but they cause problems when used with nmap 5.00:

NSE: http-methods threw an error!
./http-methods.nse:77: attempt to index local 'methods' (a nil value)
stack traceback:
        ./http-methods.nse:77: in function <./http-methods.nse:67>
        (tail call): ?

I do not understand what is wrong there. Does anyone have a hint for me? Meanwhile I left the old names.
> It would be nice if you could use the http.lua module to make this script work, because then it would add the Host header automatically and use the HTTP cache. But looking now, I think the module is not yet up to the task. What we need is a generic request function that takes a method, a URL, a header table, and optionally a body. This function would set the User-Agent and Host and anything else before sending the request. I have some enhancements to the http library's parsing in a branch that I'm going to merge after the next release. I think this would be a good thing to add.
I think I will wait for your enhancements, because they sound very helpful, and adapt my script afterwards to use http.lua. I attached the new version of my script.

Bernd
Attachment: http-methods.nse
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
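
An added example, not part of the original message or the attached script: the Allow-header check described above in plain Lua, where a response without an Allow header (the 301 case from the bug report) yields an empty list instead of nil. It uses no Nmap libraries; the function names and the sample responses are constructed for illustration.

```lua
-- Added example: plain Lua, no Nmap libraries. All names are hypothetical.
-- Baseline is the set the message calls normal; TRACE is also flagged
-- separately because some policies require it to be disabled.
local BASELINE = { GET = true, HEAD = true, POST = true, OPTIONS = true, TRACE = true }

-- Parse a raw HTTP response to OPTIONS. Returns the status code and a list
-- of methods from the Allow header. A missing Allow header gives an empty
-- list, never nil, so later concatenation and indexing cannot fail.
local function parse_options_response(raw)
  local status = tonumber(raw:match("^HTTP/%d%.%d (%d%d%d)"))
  local head = raw:match("^(.-)\r\n\r\n") or raw
  local allow
  for line in head:gmatch("[^\r\n]+") do
    local name, value = line:match("^([^:]+):%s*(.-)%s*$")
    -- Header names are case-insensitive.
    if name and name:lower() == "allow" then allow = value end
  end
  local methods = {}
  for m in (allow or ""):gmatch("[^,%s]+") do
    methods[#methods + 1] = m:upper()
  end
  return status, methods
end

-- Report methods beyond the baseline and whether TRACE is offered.
local function assess(raw)
  local status, methods = parse_options_response(raw)
  local extra, trace = {}, false
  for _, m in ipairs(methods) do
    if not BASELINE[m] then extra[#extra + 1] = m end
    if m == "TRACE" then trace = true end
  end
  return { status = status, methods = methods, extra = extra, trace = trace }
end

-- Constructed sample responses: plain server, WebDAV enabled, 301 without Allow.
local samples = {
  "HTTP/1.1 200 OK\r\nAllow: GET,HEAD,POST,OPTIONS,TRACE\r\n\r\n",
  "HTTP/1.1 200 OK\r\nallow: OPTIONS, GET, HEAD, POST, DELETE, PROPFIND, PUT\r\nDAV: 1,2\r\n\r\n",
  "HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.example.com/\r\n\r\n",
}
for _, raw in ipairs(samples) do
  local r = assess(raw)
  print(("status=%s allowed=[%s] beyond-baseline=[%s] trace=%s"):format(
    tostring(r.status), table.concat(r.methods, ","),
    table.concat(r.extra, ","), tostring(r.trace)))
end
```

An empty method list on a 301 or 403 means the server did not advertise its methods, not that none are enabled; that case is what the retest option mentioned in the message addresses.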