Nmap Development mailing list archives

Re: NSE Script http-methods.nse


From: David Fifield <david () bamsoftware com>
Date: Mon, 22 Feb 2010 14:21:22 -0700

On Sun, Feb 21, 2010 at 08:40:32PM +0100, Vlatko Kosturjak wrote:
On 02/19/2010 06:47 AM, David Fifield wrote:
On Mon, Feb 01, 2010 at 12:25:37PM -0700, David Fifield wrote:
On Sat, Jan 30, 2010 at 09:11:01PM +0100, Bernd Stroessenreuther wrote:
Fyodor had some ideas for enhancement of the script, such as making it
default and only printing "interesting" methods in non-verbose mode.

Even if I'm not sure why some methods should be more interesting
than others, I'm prying. You surely know much better than I what
nmap users find interesting or useful...
The uninteresting set {GET, HEAD, POST, OPTIONS, TRACE} just comes from
a quick observation of a handful of web servers. I welcome suggestions
of methods to be removed from or added to the set.

Not a suggestion of methods, but some time ago I wrote a quick and
straightforward paper (2 pages long) about HTTP methods enumeration
(known and unknown), so maybe it can help you for ideas:
http://kost.com.hr/dl/enumerating-http-methods.pdf

It might be old, but I think it still has all the tricks to get the HTTP
methods available/enabled. So, maybe you want to take a look for
inspiration.

There is also some Perl code as PoC:
http://kost.com.hr/dl/http-get-methods-1.1.tar.gz

Some of the tricks can be used for HTTP fingerprinting as well. I think  
HTTP fingerprinting would perfectly fit into Nmap set of scripts, but  
with all known HTTP server enumeration tricks (analyze additional  
response headers returned by HTTP server to different requests, analyze  
order of HTTP headers, etc). Maybe entry job for some GSOC student?

That has some good ideas. I like the idea of using a nonexistent method
for enumeration. You can use that to get the methods from an Ncat HTTP
proxy:

$ ncat -l --proxy-type http
$ ncat localhost
BOGUS http://test/ HTTP/1.0
HTTP/1.0 405 Method Not Allowed
Allow: CONNECT, GET, HEAD, POST

$ ncat localhost
OPTIONS http://test/ HTTP/1.0
HTTP/1.0 405 Method Not Allowed
Allow: CONNECT, GET, HEAD, POST

(Here there is kind of a special case because Ncat doesn't support
OPTIONS, but it treats it as any other unknown method so it works out
the same. Also note you have to use something that looks like a URL or else
Ncat will give a 400 Bad Request instead.)

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
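The enumeration trick in the message above (send OPTIONS and a made-up method, collect whatever the server lists in Allow, then keep only the methods outside the "uninteresting" set), as an added Python example that is not from the thread, from http-methods.nse or from Ncat. The mock proxy class is a constructed fixture that reproduces only the observable behaviour quoted above (405 with an Allow header for unknown methods, 400 when the request target is not URL-shaped); the Allow list, the port 0 bind and the `http://test/` target are assumptions for the demo, and the Public header is parsed alongside Allow because some older servers use it, which the thread does not mention.

```python
import re
import socket
import socketserver
import threading

# The "uninteresting" set from the thread above; anything outside it is what
# a non-verbose scan would highlight.
UNINTERESTING = {"GET", "HEAD", "POST", "OPTIONS", "TRACE"}

# Methods the constructed mock proxy below advertises, mirroring the Ncat
# output quoted in the message (test fixture, not real Ncat behaviour).
MOCK_ALLOWED = ("CONNECT", "GET", "HEAD", "POST")


def build_request(method: str, target: str, host: str) -> bytes:
    """Raw HTTP/1.0 request line plus Host header, like the one typed into ncat."""
    return f"{method} {target} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def parse_allow(raw: bytes):
    """Return (status code, set of methods) from a raw HTTP response.

    Methods are taken from Allow and Public headers; a reply without either
    (a 400 or 501, say) yields an empty set rather than an error.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1", "replace")
    lines = head.split("\r\n")
    m = re.match(r"HTTP/\d\.\d\s+(\d{3})", lines[0])
    status = int(m.group(1)) if m else None
    methods = set()
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("allow", "public"):
            methods.update(v.strip().upper() for v in value.split(",") if v.strip())
    return status, methods


def probe_one(host: str, port: int, method: str, target: str, timeout: float = 5.0):
    """Send one request with the given method and parse the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(method, target, host))
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return parse_allow(b"".join(chunks))


def enumerate_methods(host, port, target="/", methods=("OPTIONS", "BOGUS")):
    """Union of the methods advertised in reply to OPTIONS and to a bogus method."""
    found = set()
    for method in methods:
        _, advertised = probe_one(host, port, method, target)
        found |= advertised
    return found


def interesting(methods):
    """What a non-verbose report would print: everything outside UNINTERESTING."""
    return sorted(set(methods) - UNINTERESTING)


class MockProxy(socketserver.StreamRequestHandler):
    """Constructed stand-in for the Ncat HTTP proxy's observable behaviour."""

    def handle(self):
        request_line = self.rfile.readline().decode("iso-8859-1", "replace")
        # Drain the remaining headers so the peer never sees a reset from unread data.
        while self.rfile.readline() not in (b"\r\n", b"\n", b""):
            pass
        parts = request_line.rstrip("\r\n").split(" ")
        if len(parts) != 3 or "://" not in parts[1]:
            reply = "HTTP/1.0 400 Bad Request\r\n\r\n"      # target not URL-shaped
        elif parts[0] in MOCK_ALLOWED:
            reply = "HTTP/1.0 200 OK\r\n\r\n"               # a method it would serve
        else:
            reply = ("HTTP/1.0 405 Method Not Allowed\r\n"  # unknown method, incl. OPTIONS
                     f"Allow: {', '.join(MOCK_ALLOWED)}\r\n\r\n")
        self.wfile.write(reply.encode("ascii"))


def start_mock_proxy():
    """Bind the mock on an ephemeral loopback port and serve it in the background."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), MockProxy)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    srv = start_mock_proxy()
    port = srv.server_address[1]
    found = enumerate_methods("127.0.0.1", port, target="http://test/")
    print("advertised:", sorted(found))
    print("interesting:", interesting(found))
    srv.shutdown()
```

Against a real origin server the target would be `/` rather than an absolute URL; the 400 branch of the mock is there to show why the thread's note about URL-shaped targets matters when the thing being probed is a proxy.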