Nmap Development mailing list archives

Re: Nmap Erros on URI using NSE

From: Daniel Miller <bonsaiviking () gmail com>
Date: Sun, 10 Aug 2014 07:33:51 -0500

On Sat, Aug 9, 2014 at 11:04 PM, Shritam Bhowmick <
shritam.bhowmick () gmail com> wrote:


It's much easier when you look at the source and the default methods are
not declared. I take them as a GET since none such methods were declared at
the source.


Shritam,

The documentation for the script (
http://nmap.org/nsedoc/scripts/http-form-brute.html) states:

"After attempting to authenticate using a HTTP POST request the script
analyzes the response"

I suppose adding a script-arg "http-form-brute.verb" could be useful in odd
cases like this, but as I stated before, passing authentication parameters
in a GET request is unusual because of caching and logging issues.

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Nmap Erros on URI using NSE Shritam Bhowmick (Aug 09)
- Re: Nmap Erros on URI using NSE Daniel Miller (Aug 09)
  - Re: Nmap Erros on URI using NSE Shritam Bhowmick (Aug 09)
    - Re: Nmap Erros on URI using NSE Daniel Miller (Aug 10)
    - Re: Nmap Erros on URI using NSE Shritam Bhowmick (Aug 10)
    - Re: Nmap Erros on URI using NSE Robin Wood (Aug 10)
    - Re: Nmap Erros on URI using NSE Shritam Bhowmick (Aug 11)
    - Re: Nmap Erros on URI using NSE nnposter (Aug 12)
    - Re: Nmap Erros on URI using NSE Shritam Bhowmick (Aug 13)
    - Re: Nmap Erros on URI using NSE Shritam Bhowmick (Aug 14)
    - Re: Nmap Erros on URI using NSE nnposter (Aug 14)
    - Re: Nmap Erros on URI using NSE Shritam Bhowmick (Aug 14)
    - Re: Nmap Erros on URI using NSE Shritam Bhowmick (Aug 14)
    - Re: Nmap Erros on URI using NSE Robin Wood (Aug 14)

(Thread continues...)