Nmap Development mailing list archives
[PATCH] HEAD and POST support in http.lua
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Tue, 31 Mar 2009 14:47:28 +0100 (BST)
I noticed that http.lua doesn't appear to support HEAD or POST requests. The former would be useful from a performance point of view if you only care about the status code; the latter could be used for things like brute force login scripts. Sure, you could use comm.exchange, but it's not as nice to work with.

So... I've attached a patch for http.lua that adds support for HEAD and POST requests (http.head and http.post, to go with http.get). Opinions and suggestions are welcome, especially as I'm new to Lua and because I've been modifying other people's code and I don't want to step on any toes.

I've attached a test script that demonstrates how the new http.post function works. The http.head function is basically the same as http.get.

I've also attached an updated version of my http-enum script, which now uses HEAD (where properly supported by the server) instead of GET in an attempt to improve performance, and potentially enumerates files/directories where the server returns 200 instead of 404 (but I haven't actually tested this bit yet as I need to find/configure a server that's set up like that). This script uses the http.head function, so you'll need to apply the patch to http.lua to get it to work.

Rob
Attachment: http.lua_head_and_post.diff
Attachment: http-post-test.nse
Attachment: http-enum.nse
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org