NSEDoc

• Index
• NSE Documentation

Categories

• auth
• default
• discovery
• dos
• exploit
• external
• fuzzer
• intrusive
• malware
• safe
• version
• vuln

Scripts (show 134)(134)Scripts (134)

• afp-brute
• afp-path-vuln
• afp-serverinfo
• afp-showmount
• asn-query
• auth-owners
• auth-spoof
• banner
• citrix-brute-xml
• citrix-enum-apps
• citrix-enum-apps-xml
• citrix-enum-servers
• citrix-enum-servers-xml
• couchdb-databases
• couchdb-stats
• daap-get-library
• daytime
• db2-das-info
• dhcp-discover
• dns-cache-snoop
• dns-fuzz
• dns-random-srcport
• dns-random-txid
• dns-recursion
• dns-service-discovery
• dns-zone-transfer
• drda-brute
• drda-info
• finger
• ftp-anon
• ftp-bounce
• ftp-brute
• ftp-libopie
• html-title
• http-auth
• http-date
• http-enum
• http-favicon
• http-headers
• http-iis-webdav-vuln
• http-malware-host
• http-methods
• http-open-proxy
• http-passwd
• http-php-version
• http-trace
• http-userdir-enum
• http-vmware-path-vuln
• iax2-version
• imap-capabilities
• ipidseq
• irc-info
• irc-unrealircd-backdoor
• jdwp-version
• ldap-brute
• ldap-rootdse
• ldap-search
• lexmark-config
• mongodb-databases
• mongodb-info
• ms-sql-brute
• ms-sql-config
• ms-sql-empty-password
• ms-sql-hasdbaccess
• ms-sql-info
• ms-sql-query
• ms-sql-tables
• ms-sql-xp-cmdshell
• mysql-brute
• mysql-databases
• mysql-empty-password
• mysql-info
• mysql-users
• mysql-variables
• nbstat
• nfs-ls
• nfs-showmount
• nfs-statfs
• ntp-info
• ntp-monlist
• oracle-sid-brute
• p2p-conficker
• pgsql-brute
• pjl-ready-message
• pop3-brute
• pop3-capabilities
• pptp-version
• qscan
• realvnc-auth-bypass
• robots.txt
• rpcinfo
• skypev2-version
• smb-brute
• smb-check-vulns
• smb-enum-domains
• smb-enum-groups
• smb-enum-processes
• smb-enum-sessions
• smb-enum-shares
• smb-enum-users
• smb-os-discovery
• smb-psexec
• smb-security-mode
• smb-server-stats
• smb-system-info
• smbv2-enabled
• smtp-commands
• smtp-enum-users
• smtp-open-relay
• smtp-strangeport
• sniffer-detect
• snmp-brute
• snmp-interfaces
• snmp-netstat
• snmp-processes
• snmp-sysdescr
• snmp-win32-services
• snmp-win32-shares
• snmp-win32-software
• snmp-win32-users
• socks-open-proxy
• sql-injection
• ssh-hostkey
• sshv1
• ssl-cert
• ssl-enum-ciphers
• sslv2
• telnet-brute
• upnp-info
• vnc-brute
• vnc-info
• wdb-version
• whois
• x11-access

Libraries (show 47)(47)Libraries (47)

• afp
• asn1
• base64
• bin
• bit
• brute
• citrixxml
• comm
• datafiles
• dns
• drda
• http
• imap
• ipOps
• json
• ldap
• listop
• match
• mongodb
• msrpc
• msrpcperformance
• msrpctypes
• mssql
• mysql
• netbios
• nmap
• nsedebug
• openssl
• packet
• pcre
• pgsql
• pop3
• proxy
• rpc
• shortport
• smb
• smbauth
• snmp
• ssh1
• ssh2
• stdnse
• strbuf
• strict
• tab
• unpwdb
• url
• vnc

File http-trace

Download: http://nmap.org/svn/scripts/http-trace.nse

User Summary

Sends an HTTP TRACE request and shows header fields that were modified in the response.

Example Usage

nmap -sV --script=http-trace <target>

Script Output

80/tcp open  http
|  http-trace: Response differs from request.  First 5 additional lines:
|  Cookie: UID=d4287aa38d02f409841b4e0c0050c131...
|  Country: us
|  Ip_is_advertise_combined: yes
|  Ip_conntype-Confidence: -1
|_ Ip_line_speed: medium

Requires

• comm
• shortport
• stdnse

---

Categories: discovery safe

Author: Kris Katterjohn

License: Same as Nmap--See http://nmap.org/book/man-legal.html