PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 04:09:01 +00:00
Code Issues Projects Releases Wiki Activity

NSE: Prevent http.identify_404 from following HTTP redirects, standardize calls to it. Closes #251

Browse Source
This commit is contained in:
tomsellers
2015-12-05 10:16:51 +00:00
parent 2c3673a647
commit 58f00324eb
11 changed files with 44 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/http-enum.nse
View File

@@ -366,10 +366,11 @@ action = function(host, port)
end
stdnse.debug1("Loaded %d fingerprints", #fingerprints)
-- Check what response we get for a 404
local result, result_404, known_404 = http.identify_404(host, port)
if(result == false) then
return stdnse.format_output(false, result_404)
-- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
local status_404, result_404, known_404 = http.identify_404(host,port)
if ( status_404 and result_404 == 200 ) then
stdnse.debug1("Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", host.ip, port.number)
return nil
end
-- Queue up the checks