mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00

Add http-methods.nse to the default category. Make it silent if the only

methods it discovers are in (GET, HEAD, POST, OPTIONS, TRACE). In
verbose mode, or if any other method is discovered, it prints all
methods (and optionally retests them). See
http://seclists.org/nmap-dev/2010/q1/401.
david
2010-02-19 05:42:36 +00:00
parent 3510744a54
commit 29efe81bf1
2 changed files with 47 additions and 3 deletions


@@ -4,6 +4,10 @@ description = [[
Connects to an HTTP server and sends an OPTIONS request to see which
HTTP methods are allowed on this server. Optionally tests each method
individually to see if they are subject to e.g. IP address restrictions.
By default, the script will not report anything if the only methods
found are GET, HEAD, POST, OPTIONS, or TRACE. If any other methods are
found, or if Nmap is run in verbose mode, then all of them are reported.
]]
---
@@ -31,11 +35,19 @@ author = "Bernd Stroessenreuther <berny1@users.sourceforge.net>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe"}
categories = {"default", "safe"}
require("http")
require("nmap")
require("stdnse")
-- We don't report these methods except with verbosity.
local UNINTERESTING_METHODS = {
"GET", "HEAD", "POST", "OPTIONS", "TRACE"
}
local filter_out
portrule = function(host, port)
if not (port.service == 'http' or port.service == 'https')
then
@@ -52,6 +64,7 @@ end
action = function(host, port)
local url_path, retest_http_methods
local response, methods, options_status_line, output
local uninteresting
-- default vaules for script-args
url_path = nmap.registry.args["http-methods.url-path"] or "/"
@@ -70,11 +83,21 @@ action = function(host, port)
return string.format("No Allow header in OPTIONS response (status code %d)", response.status)
end
if nmap.verbosity() == 0 then
uninteresting = UNINTERESTING_METHODS
else
uninteresting = {}
end
methods = stdnse.strsplit(",%s*", response.header["allow"])
if #filter_out(methods, uninteresting) == 0 then
return
end
output = { response.header["allow"] }
-- retest http methods if requested
if retest_http_methods then
local methods = stdnse.strsplit(",%s*", response.header["allow"])
local _
for _, method in ipairs(methods) do
local str
@@ -95,3 +118,24 @@ action = function(host, port)
return stdnse.strjoin("\n", output)
end
local function contains(t, elem)
local _, e
for _, e in ipairs(t) do
if e == elem then
return true
end
end
return false
end
function filter_out(t, filter)
local result = {}
local _, e, f
for _, e in ipairs(t) do
if not contains(filter, e) then
result[#result + 1] = e
end
end
return result
end
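Review bot: The early `return` under `if #filter_out(methods, uninteresting) == 0 then` sits before the `if retest_http_methods then` block, so at verbosity 0 a user who explicitly asked for the retest gets neither output nor a retest when the server advertises only GET, HEAD, POST, OPTIONS or TRACE. An explicit retest request is itself a signal of interest, and the silence can be misread as "retest ran and found nothing"; consider `if not retest_http_methods and #filter_out(methods, uninteresting) == 0 then`. If the suppression is intended, the paragraph added to `description` in the first hunk should say that the retest option is also skipped in that case. The body of `action` starts and continues outside the visible hunks, so this assumes nothing in between changes `retest_http_methods`.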