Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File http-cors

Script types: portrule
Categories: default, discovery, safe
Download: http://nmap.org/svn/scripts/http-cors.nse

User Summary

Tests an http server for Cross-Origin Resource Sharing (CORS), a way for domains to explicitly opt in to having certain methods invoked by another domain.

The script works by setting the Access-Control-Request-Method header field for certain enumerated methods in OPTIONS requests, and checking the responses.

Script Arguments

http-cors.path

The path to request. Defaults to /.

http-cors.origin

The origin used with requests. Defaults to example.com.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 80 --script http-cors <target>

Script Output

80/tcp open
|_cors.nse: GET POST OPTIONS

Requires


Author: Toni Ruottu

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]