PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-14 11:49:01 +00:00
Code Issues Projects Releases Wiki Activity

Remove TRACE from the http-methods.nse "uninteresting" set on a

Browse Source 
recommendation from Daniel Roethlisberger. TRACE is interesting because
it can be used to get cookies or authentication data in a cross-site
scripting attack. See http://www.owasp.org/index.php/Cross_Site_Tracing.
This commit is contained in:
david
2010-02-22 21:42:47 +00:00
parent a67be3d7d1
commit e603eadd96
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/http-methods.nse
View File

@@ -6,8 +6,8 @@ HTTP methods are allowed on this server. Optionally tests each method
individually to see if they are subject to e.g. IP address restrictions. individually to see if they are subject to e.g. IP address restrictions.
By default, the script will not report anything if the only methods By default, the script will not report anything if the only methods
found are GET, HEAD, POST, OPTIONS, or TRACE. If any other methods are found are GET, HEAD, POST, or OPTIONS. If any other methods are found,
found, or if Nmap is run in verbose mode, then all of them are reported. or if Nmap is run in verbose mode, then all of them are reported.
]] ]]
--- ---
@@ -43,7 +43,7 @@ require("stdnse")
-- We don't report these methods except with verbosity. -- We don't report these methods except with verbosity.
local UNINTERESTING_METHODS = { local UNINTERESTING_METHODS = {
"GET", "HEAD", "POST", "OPTIONS", "TRACE" "GET", "HEAD", "POST", "OPTIONS"
} }
local filter_out local filter_out