From b3361b56d09bfc791be02a66346c645618dbee87 Mon Sep 17 00:00:00 2001
From: henri
Date: Fri, 12 Oct 2012 12:25:45 +0000
Subject: [PATCH] Added HTTP status code 400 (Bad request) to the list of ignored codes in http-method-tamper.nse, which is the behavior of many servers (makes sense as this is rather a client-side error).
---
 scripts/http-method-tamper.nse | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/scripts/http-method-tamper.nse b/scripts/http-method-tamper.nse
index 8b31dc926..686f2e2b4 100644
--- a/scripts/http-method-tamper.nse
+++ b/scripts/http-method-tamper.nse
@@ -82,9 +82,14 @@ local function probe_http_verbs(host, port, uri)
 if post_req and post_req.status ~= 401 then
 return true, "POST"
 end
- --With a random generated verb we also look for "invalid method" status 501
+ --With a random generated verb we look for 400 and 501 status
 local random_verb_req = http.generic_request(host, port, stdnse.generate_random_string(4), uri)
- if random_verb_req and random_verb_req.status ~= 401 and random_verb_req.status ~= 501 then
+ local retcodes = {
+ [400] = true, -- Bad Request
+ [401] = true, -- Authentication needed
+ [501] = true, -- Invalid method
+ }
+ if random_verb_req and not retcodes[random_verb_req.status] then
 return true, "GENERIC"
 end
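Review bot: The `retcodes` deny-list still treats every unlisted status as a bypass, so a server that refuses the random verb with 405 Method Not Allowed or 403 is reported as "GENERIC" although access was denied; adding `[403] = true, -- Forbidden` and `[405] = true, -- Method Not Allowed` would remove those false positives. The guard also passes when `random_verb_req.status` is nil, because `retcodes[nil]` reads as nil; if http.generic_request can return a response without a status, `if random_verb_req and random_verb_req.status and not retcodes[random_verb_req.status] then` keeps a failed request from being flagged. The POST check just above compares only against 401 and would benefit from the same table, which could be a file-level local so it is not rebuilt on every call. probe_http_verbs starts and ends outside the hunk.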