Nmap Development mailing list archives

Re: NSE Script http-methods.nse


From: David Fifield <david () bamsoftware com>
Date: Mon, 1 Feb 2010 12:25:37 -0700

On Sat, Jan 30, 2010 at 09:11:01PM +0100, Bernd Stroessenreuther wrote:
> Hi David,
>
>> Thank you for the update. I want to add the script, but first I want to
>> know if you are willing to license the script like the other Nmap
>> scripts,
>>
>> license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
>
> I do like very much the freedom the GPL gives and enforces. So I did put it
> under GPL at first. I'm not only happy if someone else has the possibility to
> relicense the code e.g. under a commercial license.
>
> But in the end I think it is the best solution to have this script in the
> official release. And because of this, it is clear it needs the same license
> as the other nmap components.
>
> So yes, I license it under the terms of http://nmap.org/book/man-legal.html

Thanks. This is committed in r16661.

>> Fyodor had some ideas for enhancement of the script, such as making it
>> default and only printing "interesting" methods in non-verbose mode.
>
> Even if I'm not sure why some methods should be more interesting than others,
> I'm prying. You surely know much better than I, what nmap users find
> interesting or useful...

The idea here is to make the script default, because if a server
supports DELETE or something, someone running with -sC probably wants to
see that. But for ordinary methods like GET and HEAD, the user probably
doesn't want to see those for every server. With one level of -v, the
script would print out all methods. Scripts that are listed by name
always get an increase of one -v automatically, so if you run
--script=http-methods, you will see all the methods for every server.
Here are some examples:

$ nmap -sC scanme.nmap.org -p 80
(No http-methods output.)

$ nmap --script=safe scanme.nmap.org -p 80
(No http-methods output.)

$ nmap -sC -v scanme.nmap.org -p 80
|_http-methods: OPTIONS / request returned: GET,HEAD,POST,OPTIONS,TRACE

$ nmap --script=http-methods scanme.nmap.org -p 80
|_http-methods: OPTIONS / request returned: GET,HEAD,POST,OPTIONS,TRACE

It's like, we want something like an http-dangerous-methods script,
which only highlights methods you don't expect to see on every web
server. But you also want a script to just give you a plain report of
what options the server supports. Maybe this script can do both? What do
you think?

I just tried the script against the CouchDB server, and got the result
|_http-methods: OPTIONS / request returned: GET,HEAD
This despite the fact that the server doesn't even support OPTIONS, as
Ncat reports:

OPTIONS / HTTP/1.0

HTTP/1.0 405 Method Not Allowed
Server: CouchDB/0.10.1 (Erlang OTP/R13B)
Date: Mon, 01 Feb 2010 19:19:24 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 64
Cache-Control: must-revalidate
Allow: GET,HEAD

{"error":"method_not_allowed","reason":"Only GET,HEAD allowed"}

Good job!

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
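
Added example (not part of the original message and not the http-methods.nse code): a Python sketch of the reporting rule discussed above, run over the CouchDB response quoted in the email and one constructed response. The set of "ordinary" methods is an assumption taken from the scanme.nmap.org examples, and the "interesting methods" label, the function names and the case normalisation are hypothetical.

```python
# Added example: reporting rule from the email, not the NSE script's code.
# Assumption: "ordinary" is the method set from the scanme.nmap.org example,
# which produced no output at default verbosity.
ORDINARY = {"GET", "HEAD", "POST", "OPTIONS", "TRACE"}

# Response quoted in the email (CouchDB answers OPTIONS with 405 plus Allow).
COUCHDB = ("HTTP/1.0 405 Method Not Allowed\r\n"
           "Server: CouchDB/0.10.1 (Erlang OTP/R13B)\r\n"
           "Allow: GET,HEAD\r\n\r\n"
           '{"error":"method_not_allowed","reason":"Only GET,HEAD allowed"}')
# Constructed sample: repeated Allow headers, mixed case, extra spaces.
CONSTRUCTED = ("HTTP/1.1 200 OK\r\nAllow: GET, HEAD, OPTIONS\r\n"
               "allow: put, DELETE\r\n\r\n")


def parse_allow(raw):
    """Return (status_code, methods) from a raw response to OPTIONS."""
    lines = raw.splitlines()
    parts = lines[0].split() if lines else []
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    methods = []
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "allow":
            for m in value.split(","):
                m = m.strip().upper()  # normalise case for comparison
                if m and m not in methods:
                    methods.append(m)
    return status, methods


def report(raw, verbosity=0, named=False):
    """Return the output line, or None when nothing should be printed."""
    if named:  # scripts listed by name get one extra level of -v
        verbosity += 1
    _, methods = parse_allow(raw)
    if verbosity >= 1:
        shown, label = methods, "OPTIONS / request returned: "
    else:
        shown = [m for m in methods if m not in ORDINARY]
        label = "interesting methods: "  # hypothetical wording
    return "http-methods: " + label + ",".join(shown) if shown else None


if __name__ == "__main__":
    for raw in (COUCHDB, CONSTRUCTED):
        print(report(raw), "|", report(raw, named=True))
```

The Allow header is read whatever the status code, which is why the 405 from CouchDB still yields GET,HEAD.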

