From e603eadd9614908eb838f0cb23f72c850d1d3187 Mon Sep 17 00:00:00 2001
From: david
Date: Mon, 22 Feb 2010 21:42:47 +0000
Subject: [PATCH] Remove TRACE from the http-methods.nse "uninteresting" set on a recommendation from Daniel Roethlisberger. TRACE is interesting because it can be used to get cookies or authentication data in a cross-site scripting attack. See http://www.owasp.org/index.php/Cross_Site_Tracing.
---
 scripts/http-methods.nse | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/http-methods.nse b/scripts/http-methods.nse
index c082a2200..116186641 100644
--- a/scripts/http-methods.nse
+++ b/scripts/http-methods.nse
@@ -6,8 +6,8 @@ HTTP methods are allowed on this server. Optionally tests each method
 individually to see if they are subject to e.g. IP address restrictions.
 
 By default, the script will not report anything if the only methods
-found are GET, HEAD, POST, OPTIONS, or TRACE. If any other methods are
-found, or if Nmap is run in verbose mode, then all of them are reported.
+found are GET, HEAD, POST, or OPTIONS. If any other methods are found,
+or if Nmap is run in verbose mode, then all of them are reported.
 ]]
 
 ---
@@ -43,7 +43,7 @@ require("stdnse")
 
 -- We don't report these methods except with verbosity.
 local UNINTERESTING_METHODS = {
- "GET", "HEAD", "POST", "OPTIONS", "TRACE"
+ "GET", "HEAD", "POST", "OPTIONS"
 }
 
 local filter_out
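Review bot: The reason TRACE is no longer in `UNINTERESTING_METHODS` is recorded only in the commit message, so the table in the second hunk gives a later maintainer no hint that the omission is deliberate and TRACE could be re-added as "noise". Extend the comment above the table with the rationale, for example `-- TRACE is deliberately not listed: it enables cross-site tracing (XST), so it is always reported.` The description text in the first hunk could carry the same one-line reason, so that users reading the script help understand why a server offering only GET, HEAD, POST, OPTIONS and TRACE now produces output. How `filter_out` compares method names is outside this hunk, so this note assumes the table is matched as written.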