Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File http-cors

Script types: portrule
Categories: default, discovery, safe
Download: http://nmap.org/svn/scripts/http-cors.nse

User Summary

Tests an http server for Cross-Origin Resource Sharing (CORS), a way for domains to explicitly opt in to having certain methods invoked by another domain.

The script works by setting the Access-Control-Request-Method header field for certain enumerated methods in OPTIONS requests, and checking the responses.

Script Arguments

http-cors.path

The path to request. Defaults to /.

http-cors.origin

The origin used with requests. Defaults to example.com.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

unittest.run

See the documentation for the unittest library.

Example Usage

nmap -p 80 --script http-cors <target>

Script Output

80/tcp open
|_cors.nse: GET POST OPTIONS

Requires


Author: Toni Ruottu

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]