Scripthttp-methods

Script types:portrule
Categories:default,safe
Download:https://svn.nmap.org/nmap/scripts/http-methods.nse

Script Summary

Finds out what options are supported by an HTTP server by sending anOPTIONS request. Lists potentially risky methods. It tests those methodsnot mentioned in the OPTIONS headers individually and sees if they areimplemented. Any output other than 501/405 suggests that the method isif not in the range 400 to 600. If the response falls under that range thenit is compared to the response from a randomly generated method.

In this script, "potentially risky" methods are anything except GET,HEAD, POST, and OPTIONS. If the script reports potentially riskymethods, they may not all be security risks, but you should check tomake sure. This page lists the dangers of some common methods:

http://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29

The list of supported methods comes from the contents of the Allow andPublic header fields. In verbose mode, a list of all methods is printed,followed by the list of potentially risky methods. Without verbose mode,only the potentially risky methods are shown.

See also:

• http-method-tamper.nse
• http-trace.nse
• http-put.nse

Script Arguments

http-methods.url-path

The path to request. Defaults to/.

http-methods.test-all

If set true tries all the unsafe methods as well.

http-methods.retest

If defined, do a request using each methodindividually and show the response code. Use of this argument canmake this script unsafe; for exampleDELETE / ispossible. All methods received through options are tested with genericrequests. Saved status lines are shown for rest.

slaxml.debug

See the documentation for theslaxml library.

http.host,http.max-body-size,http.max-cache-size,http.max-pipeline,http.pipeline,http.truncated-ok,http.useragent

See the documentation for thehttp library.

smbdomain,smbhash,smbnoguest,smbpassword,smbtype,smbusername

See the documentation for thesmbauth library.

Example Usage

nmap --script http-methods <target>nmap --script http-methods --script-args http-methods.url-path='/website' <target>

Script Output

PORT   STATE SERVICE REASON80/tcp open  http    syn-ack| http-methods:|_  Supported Methods: GET HEAD POST OPTIONS

Requires

• http
• nmap
• shortport
• stdnse
• string
• stringaux
• table
• tableaux
• rand

Authors:

• Bernd Stroessenreuther <berny1@users.sourceforge.net>
• Gyanendra Mishra

License: Same as Nmap--Seehttps://nmap.org/book/man-legal.html