Nmap Development mailing list archives
Re: http-methods.nse implementation
From: Rob Nicholls <robert () robnicholls co uk>
Date: Tue, 08 Mar 2011 13:49:43 +0000
On Tue, 8 Mar 2011 15:33:48 +0200, Josh Amishav-Zlatin wrote:
Would it make more sense for thescript to have a base list of methods that it checks for regardless ofwhether OPTIONS is enabled or not and then appends that list based on the results of an OPTIONS request?
I'd prefer not to trust OPTIONS at all, and perhaps rename the existing option or add something like http-methods.force or http-methods.thorough to test a long hardcoded base list of methods like you suggest. The current "retest" option doesn't really retest the methods, it simply performs a more thorough test based on the original OPTIONS response (which, as you point out, could be inaccurate).
Rob _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- http-methods.nse implementation Josh Amishav-Zlatin (Mar 08)
- Re: http-methods.nse implementation Rob Nicholls (Mar 08)
- Re: http-methods.nse implementation Vlatko Kosturjak (Mar 08)
- Re: http-methods.nse implementation Toni Ruottu (Mar 08)
- Re: http-methods.nse implementation Rob Nicholls (Mar 08)
- Re: http-methods.nse implementation Josh Amishav-Zlatin (Mar 08)
- Re: http-methods.nse implementation Vlatko Kosturjak (Mar 08)
- Re: http-methods.nse implementation Rob Nicholls (Mar 08)