Nmap Development mailing list archives

Re: path parameter ignored in http.can_use_head function?

From: Ron <ron () skullsecurity net>
Date: Sat, 28 Aug 2010 20:17:33 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oops, my bad. It's a pretty simple fix - I missed an argument to can_use_head():

Index: scripts/http-headers.nse
===================================================================
- --- scripts/http-headers.nse    (revision 19912)
+++ scripts/http-headers.nse    (working copy)
@@ -46,7 +46,7 @@
        -- Check if the user didn't want HEAD to be used
        if(nmap.registry.args.useget == nil) then
                -- Try using HEAD first
- -               status, result = http.can_use_head(host, port, path)
+               status, result = http.can_use_head(host, port, nil, path)
        end
 
        -- If head failed, try using GET

I committed the patch. 


On Sun, 29 Aug 2010 00:03:42 +0100 Robin Wood <robin () digininja org> wrote:

Hi
I'm testing the http-headers.nse script and tried passing in a path
argument but it seems to be ignored. I added some debug to print the
path so I know that it is getting through to the path variable but
when I check my server logs the path requested is /.  It looks like
the http.can_use_head function is broken.

I'm running this on a Mac if that makes any difference.

Robin

robin@mactop ~ $ nmap  localhost -p 80 --script-args 'path=/testpath'
--script http-headers

Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-08-28 23:54 BST
NSE: /testpath
NSE: Script Scanning completed.
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00018s latency).
PORT   STATE SERVICE
80/tcp open  http
| http-headers:
|   Date: Sat, 28 Aug 2010 22:54:52 GMT
|   Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2
PHP/5.3.1 |   Connection: close
|   Content-Type: text/html;charset=UTF-8
|
|_  (Request type: HEAD)

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

Apache log:

127.0.0.1 - - [28/Aug/2010:23:54:52 +0100] "HEAD / HTTP/1.1" 200 -
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkx5tS0ACgkQ2t2zxlt4g/TJHQCgq9yoDqwl9HNuMYYri/2B2Tdi
6ecAoII4nyz8VNImFp5Cs1tJq86tDSuD
=uUyz
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

path parameter ignored in http.can_use_head function? Robin Wood (Aug 28)
- Re: path parameter ignored in http.can_use_head function? Ron (Aug 28)
  - Re: path parameter ignored in http.can_use_head function? Robin Wood (Aug 29)