Nmap Development mailing list archives
Re: NSE Script http-methods.nse
From: Bernd Stroessenreuther <berny1 () users sourceforge net>
Date: Fri, 19 Feb 2010 20:29:07 +0100
Hi David,
I've implemented this in r16829. If the script doesn't find any methods other than GET, HEAD, POST, OPTIONS, and TRACE, it doesn't produce any output. In verbose mode, or if any other method is discovered, it prints out all methods it finds. Scripts that are listed by name get an automatic verbosity boost, so if you run with --script=http-methods, you will always see all methods.
Sounds great! Where can I download You version?
The uninteresting set {GET, HEAD, POST, OPTIONS, TRACE} just comes from a quick observation of a handful of web servers. I welcome suggestions of methods to be removed from or added to the set.
From my experience I would say: Nothing to add or remove. That should be it.
But I have nearly no experience with non-apache webservers. So maybe someone else can tell about the methods provided by default on other webservers. Or we could do a scan with active http-methods script on a bigger amount of servers over the internet...
I changed the output a bit. With the retest option on, it looks like this: 80/tcp open http | http-methods: GET,HEAD,POST,OPTIONS,TRACE | GET / -> HTTP/1.1 200 OK | HEAD / -> HTTP/1.1 200 OK | POST / -> HTTP/1.1 200 OK | OPTIONS / -> HTTP/1.1 200 OK |_TRACE / -> HTTP/1.1 200 OK
I guess this is closer to the style other NSE scripts format their output... Best regards, Bernd Stroessenreuther _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE script HTTPallowedMethods.nse Bernd Stroessenreuther (Jan 02)
- Re: NSE script HTTPallowedMethods.nse David Fifield (Jan 12)
- NSE Script http-methods.nse, WAS: NSE script HTTPallowedMethods.nse Bernd Stroessenreuther (Jan 12)
- Re: NSE Script http-methods.nse, WAS: NSE script HTTPallowedMethods.nse Bernd Stroessenreuther (Jan 27)
- Re: NSE Script http-methods.nse, WAS: NSE script HTTPallowedMethods.nse David Fifield (Jan 29)
- Re: NSE Script http-methods.nse, WAS: NSE script HTTPallowedMethods.nse Bernd Stroessenreuther (Jan 30)
- Re: NSE Script http-methods.nse David Fifield (Feb 01)
- Re: NSE Script http-methods.nse David Fifield (Feb 18)
- Re: NSE Script http-methods.nse Bernd Stroessenreuther (Feb 19)
- Re: NSE Script http-methods.nse David Fifield (Feb 19)
- Re: NSE Script http-methods.nse Bernd Stroessenreuther (Feb 19)
- Re: NSE Script http-methods.nse David Fifield (Feb 19)
- NSE Script http-methods.nse, WAS: NSE script HTTPallowedMethods.nse Bernd Stroessenreuther (Jan 12)
- Re: NSE Script http-methods.nse Daniel Roethlisberger (Feb 20)
- Re: NSE Script http-methods.nse David Fifield (Feb 22)
- Re: NSE Script http-methods.nse Fyodor (Feb 22)
- Re: NSE Script http-methods.nse Patrik Karlsson (Feb 23)
- Re: NSE Script http-methods.nse David Fifield (Feb 23)
- Re: NSE Script http-methods.nse Patrik Karlsson (Feb 23)
- Re: NSE script HTTPallowedMethods.nse David Fifield (Jan 12)
- Re: NSE Script http-methods.nse David Fifield (Mar 02)