PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-24 00:19:01 +00:00
Code Issues Projects Releases Wiki Activity

Added HTTP status code 400 (Bad request) to the list of ignored codes in

Browse Source 
http-method-tamper.nse, which is the behavior of many servers (makes sense as
this is rather a client-side error).
This commit is contained in:
henri
2012-10-12 12:25:45 +00:00
parent 3858d67874
commit b3361b56d0
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/http-method-tamper.nse
View File

@@ -82,9 +82,14 @@ local function probe_http_verbs(host, port, uri)
if post_req and post_req.status ~= 401 then
return true, "POST"
end
--With a random generated verb we also look for "invalid method" status 501
--With a random generated verb we look for 400 and 501 status
local random_verb_req = http.generic_request(host, port, stdnse.generate_random_string(4), uri)
if random_verb_req and random_verb_req.status ~= 401 and random_verb_req.status ~= 501 then
local retcodes = {
[400] = true, -- Bad Request
[401] = true, -- Authentication needed
[501] = true, -- Invalid method
}
if random_verb_req and not retcodes[random_verb_req.status] then
return true, "GENERIC"
end