Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NSE Script http-methods.nse

From: Bernd Stroessenreuther <berny1 () users sourceforge net>
Date: Fri, 19 Feb 2010 20:29:07 +0100
Hi David,


I've implemented this in r16829. If the script doesn't find any methods
other than GET, HEAD, POST, OPTIONS, and TRACE, it doesn't produce any
output. In verbose mode, or if any other method is discovered, it prints
out all methods it finds. Scripts that are listed by name get an
automatic verbosity boost, so if you run with --script=http-methods, you
will always see all methods.


Sounds great!
Where can I download You version?


The uninteresting set {GET, HEAD, POST, OPTIONS, TRACE} just comes from
a quick observation of a handful of web servers. I welcome suggestions
of methods to be removed from or added to the set.



From my experience I would say: Nothing to add or remove. That should be it.

But I have nearly no experience with non-apache webservers.
So maybe someone else can tell about the methods provided by default on other 
webservers.
Or we could do a scan with active http-methods script on a bigger amount of 
servers over the internet...


I changed the output a bit. With the retest option on, it looks like
this:

80/tcp open  http

| http-methods: GET,HEAD,POST,OPTIONS,TRACE
| GET / -> HTTP/1.1 200 OK
| HEAD / -> HTTP/1.1 200 OK
| POST / -> HTTP/1.1 200 OK
| OPTIONS / -> HTTP/1.1 200 OK
|_TRACE / -> HTTP/1.1 200 OK


I guess this is closer to the style other NSE scripts format their output...

Best regards,
   Bernd Stroessenreuther
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: