Nmap Development mailing list archives
Re: New script: http-headers.nse
From: Fyodor <fyodor () insecure org>
Date: Thu, 27 Aug 2009 01:06:05 -0700
On Tue, Aug 25, 2009 at 06:37:48PM -0500, Ron wrote:
I went ahead and checked this in, with the change suggested by Patrick. Let me know if there are any issues!
Thanks Ron. At first I thought the usefulness of this was a bit dubious considering how easy it is to do manually with ncat. Then I though, "well, this makes it easy for SSL servers too", but actually that is equally easy with Ncat. But after further contemplation, I do support the inclusion overall as http is an incredibly important protocol and many of these headers can actually be quite useful. I have a few comments/questions though: o Why do a GET request instead of HEAD? I'm not saying we should switch to HEAD, just wondering about your reasoning. After all, HEAD exists for basically this exact purpose. And it is slightly less intrusive on the server and does not waste bandwidth giving us content the script doesn't even look at. o The script loses the capitalization of the headers. I guess that is an http.get limitation. If it was just as easy, I'd prefer to keep the capitalization in http-headers. But it may not be worth adding some sort of option to http.get. o The script also seems to lose the header order (presumably due to http.get API). If we're going to lose the original order, we should probably just sort them rather than print them out semi-randomly. Or they could be given in a canonical order specified in the script which tries to group similar headers and also print more important ones first. Any which aren't specified in the script would be alphebetized at the end. o It would be great to have an NSE arg for specifying the path rather than always grabbing /. Sometimes I want to see the last modified date or content type or some other values for a specific URL. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- New script: http-headers.nse Ron (Aug 22)
- Re: New script: http-headers.nse Patrick Donnelly (Aug 22)
- Re: New script: http-headers.nse Ron (Aug 22)
- Re: New script: http-headers.nse Ron (Aug 25)
- Re: New script: http-headers.nse Fyodor (Aug 27)
- Re: New script: http-headers.nse Ron (Aug 27)
- Re: New script: http-headers.nse Fyodor (Aug 27)
- Re: New script: http-headers.nse Patrick Donnelly (Aug 22)