PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

NSE: Prevent http.identify_404 from following HTTP redirects, standardize calls to it. Closes #251

Browse Source
This commit is contained in:
tomsellers
2015-12-05 10:16:51 +00:00
parent 2c3673a647
commit 58f00324eb
11 changed files with 44 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/http-userdir-enum.nse
View File

@@ -55,10 +55,11 @@ action = function(host, port)
return fail("Didn't find any users to test (should be in nselib/data/usernames.lst)")
end
-- Check what response we get for a 404
local result, result_404, known_404 = http.identify_404(host, port)
if(result == false) then
return fail(result_404)
-- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
local status_404, result_404, known_404 = http.identify_404(host,port)
if ( status_404 and result_404 == 200 ) then
stdnse.debug1("Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", host.ip, port.number)
return nil
end
-- Check if we can use HEAD requests