Nmap Development mailing list archives
Re: NSE Script http-methods.nse
From: Vlatko Kosturjak <kost () linux hr>
Date: Sun, 21 Feb 2010 20:40:32 +0100
On 02/19/2010 06:47 AM, David Fifield wrote:
On Mon, Feb 01, 2010 at 12:25:37PM -0700, David Fifield wrote:On Sat, Jan 30, 2010 at 09:11:01PM +0100, Bernd Stroessenreuther wrote:Fyodor had some ideas for enhancement of the script, such as making it default and only printing "interesting" methods in non-verbose mode.Even if I'm not sure why some methods should be more interesting then others, I'm prying. You surely know much better then I, what nmap users find interesting or useful...The uninteresting set {GET, HEAD, POST, OPTIONS, TRACE} just comes from a quick observation of a handful of web servers. I welcome suggestions of methods to be removed from or added to the set.
Not suggestion of methods, but some time ago, I've written a quick and straightforward paper (2 pages long) about HTTP methods enumeration (known and unknown), so maybe it can help you for ideas:
http://kost.com.hr/dl/enumerating-http-methods.pdfIt might be old, but I think it still have all tricks to get the HTTP methods available/enabled. So, maybe you want to take a look for inspiration.
There is also some Perl code as PoC: http://kost.com.hr/dl/http-get-methods-1.1.tar.gzSome of the tricks can be used for HTTP fingerprinting as well. I think HTTP fingerprinting would perfectly fit into Nmap set of scripts, but with all known HTTP server enumeration tricks (analyze additional response headers returned by HTTP server to different requests, analyze order of HTTP headers, etc). Maybe entry job for some GSOC student?
Kost _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: NSE Script http-methods.nse, (continued)
- Re: NSE Script http-methods.nse David Fifield (Feb 19)
- Re: NSE Script http-methods.nse Daniel Roethlisberger (Feb 20)
- Re: NSE Script http-methods.nse David Fifield (Feb 22)
- Re: NSE Script http-methods.nse Fyodor (Feb 22)
- Re: NSE Script http-methods.nse Patrik Karlsson (Feb 23)
- Re: NSE Script http-methods.nse David Fifield (Feb 23)
- Re: NSE Script http-methods.nse Patrik Karlsson (Feb 23)
- Re: NSE Script http-methods.nse David Fifield (Mar 02)
- Re: NSE Script http-methods.nse Daniel Roethlisberger (Mar 05)
- Re: NSE Script http-methods.nse Bernd Stroessenreuther (Mar 05)
- Re: NSE Script http-methods.nse Vlatko Kosturjak (Feb 21)
- Re: NSE Script http-methods.nse David Fifield (Feb 22)
- Re: NSE Script http-methods.nse Bernd Stroessenreuther (Feb 23)
- Re: NSE Script http-methods.nse David Fifield (Feb 23)