Nmap Development mailing list archives
Re: NSE Script http-methods.nse
From: Daniel Roethlisberger <daniel () roe ch>
Date: Fri, 5 Mar 2010 19:56:55 +0100
David Fifield <david () bamsoftware com> 2010-03-02:
On Mon, Feb 22, 2010 at 04:37:47PM -0800, Fyodor wrote:On Mon, Feb 22, 2010 at 02:43:35PM -0700, David Fifield wrote:On Sun, Feb 21, 2010 at 12:49:23AM +0100, Daniel Roethlisberger wrote:David Fifield <david () bamsoftware com> 2010-02-18: http://www.owasp.org/index.php/Cross_Site_TracingOkay, sounds good. I was not aware of that possibility. I removed TRACE from the uninteresting set.I agree that TRACE can be interesting, and probably is worth noting. But we need to take extra care in the output of this script, as (per Bernd's research) it will now output on more than half of all web servers encountered. [...]I made changes and this is how it works now: $ nmap -p 80 -sC www.google.com www.apache.org www.bamsoftware.com Nmap scan report for www.google.com (74.125.19.99) PORT STATE SERVICE 80/tcp open http |_http-methods: No Allow or Public header in OPTIONS response (status code 400) Nmap scan report for www.apache.org (192.87.106.226) PORT STATE SERVICE 80/tcp open http | http-methods: Potentially risky methods: TRACE |_See http://nmap.org/nsedoc/scripts/http-methods.html Nmap scan report for www.bamsoftware.com (69.164.193.231) PORT STATE SERVICE 80/tcp open http $ nmap -p 80 -sC -v www.google.com www.apache.org www.bamsoftware.com Nmap scan report for www.google.com (74.125.19.105) PORT STATE SERVICE 80/tcp open http |_http-methods: No Allow or Public header in OPTIONS response (status code 400) Nmap scan report for www.apache.org (192.87.106.226) PORT STATE SERVICE 80/tcp open http | http-methods: GET HEAD POST OPTIONS TRACE | Potentially risky methods: TRACE |_See http://nmap.org/nsedoc/scripts/http-methods.html Nmap scan report for www.bamsoftware.com (69.164.193.231) PORT STATE SERVICE 80/tcp open http |_http-methods: GET HEAD POST OPTIONS Does that look good?
To me, it does look good. Thanks. -- Daniel Roethlisberger http://daniel.roe.ch/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: NSE Script http-methods.nse, (continued)
- Re: NSE Script http-methods.nse David Fifield (Feb 19)
- Re: NSE Script http-methods.nse Bernd Stroessenreuther (Feb 19)
- Re: NSE Script http-methods.nse David Fifield (Feb 19)
- Re: NSE Script http-methods.nse Daniel Roethlisberger (Feb 20)
- Re: NSE Script http-methods.nse David Fifield (Feb 22)
- Re: NSE Script http-methods.nse Fyodor (Feb 22)
- Re: NSE Script http-methods.nse Patrik Karlsson (Feb 23)
- Re: NSE Script http-methods.nse David Fifield (Feb 23)
- Re: NSE Script http-methods.nse Patrik Karlsson (Feb 23)
- Re: NSE Script http-methods.nse David Fifield (Mar 02)
- Re: NSE Script http-methods.nse Daniel Roethlisberger (Mar 05)
- Re: NSE Script http-methods.nse Bernd Stroessenreuther (Mar 05)
- Re: NSE Script http-methods.nse Vlatko Kosturjak (Feb 21)
- Re: NSE Script http-methods.nse David Fifield (Feb 22)
- Re: NSE Script http-methods.nse Bernd Stroessenreuther (Feb 23)
- Re: NSE Script http-methods.nse David Fifield (Feb 23)