File http-cors
Script types:
portrule
Categories:
default, discovery, safe
Download: http://nmap.org/svn/scripts/http-cors.nse
User Summary
Tests an http server for Cross-Origin Resource Sharing (CORS), a way for domains to explicitly opt in to having certain methods invoked by another domain.
The script works by setting the Access-Control-Request-Method header field for certain enumerated methods in OPTIONS requests, and checking the responses.
Script Arguments
http-cors.path
The path to request. Defaults to
/.
http-cors.origin
The origin used with requests. Defaults to
example.com.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent
See the documentation for the http library.Example Usage
nmap -p 80 --script http-cors <target>
Script Output
80/tcp open |_cors.nse: GET POST OPTIONS
Requires
Author: Toni Ruottu
License: Same as Nmap--See http://nmap.org/book/man-legal.html