Script http-trace

Script types: portrule
Categories: vuln, discovery, safe
Download: https://svn.nmap.org/nmap/scripts/http-trace.nse

Script Summary

Sends an HTTP TRACE request and shows if the method TRACE is enabled. If debug is enabled, it returns the header fields that were modified in the response.

Script Arguments

http-trace.path

Path to URI

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script http-trace -d <ip>

Script Output

80/tcp open  http    syn-ack
| http-trace: TRACE is enabled
| Headers:
| Date: Tue, 14 Jun 2011 04:41:28 GMT
| Server: Apache
| Connection: close
| Transfer-Encoding: chunked
|_Content-Type: message/http

Requires


Author:

  • Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See https://nmap.org/book/man-legal.html

action

action (host, port)

MAIN

Parameters

host
 
port