
File http-cookie-flags

Script types: portrule
Categories: default, safe, vuln
Download: https://svn.nmap.org/nmap/scripts/http-cookie-flags.nse

User Summary

Examines cookies set by HTTP services. Reports any session cookies set without the httponly flag. Reports any session cookies set over SSL without the secure flag. If http-enum.nse is also run, any interesting paths found by it will be checked in addition to the root.

See also:

Script Arguments

cookie

Specific cookie name to check flags on. Default: A variety of commonly used session cookie names and patterns.

path

Specific URL path to check for session cookie flags. Default: / and those found by http-enum.

slaxml.debug

See the documentation for the slaxml library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 443 --script http-cookie-flags <target>

Script Output

443/tcp open  https
| http-cookie-flags:
|   /:
|     PHPSESSID:
|       secure flag not set and HTTPS in use
|   /admin/:
|     session_id:
|       secure flag not set and HTTPS in use
|       httponly flag not set
|   /mail/:
|     ASPSESSIONIDASDF:
|       httponly flag not set
|     ASP.NET_SessionId:
|_      secure flag not set and HTTPS in use
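The checks described in the summary, applied to raw Set-Cookie header values, as an added Python example (not the script's own Lua code). The name patterns are taken from the cookie names in the sample output above, the exact-match behaviour of the `cookie` parameter is an assumption, and the header values in SAMPLE are constructed.

```python
import re

# Assumed session-cookie name patterns, derived from the names in the sample
# output; the script's real default list is not shown on this page.
SESSION_PATTERNS = [r"^PHPSESSID$", r"^session_id$", r"^ASPSESSIONID",
                    r"^ASP\.NET_SessionId$"]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Only text after the first ';' is an attribute; the cookie value is ignored.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def check_cookies(set_cookie_headers, https, cookie=None):
    """Return {cookie_name: [findings]}, worded like the sample output.

    cookie is modelled on the script's 'cookie' argument: when given, only
    that exact name is checked (assumption) instead of the pattern list.
    """
    findings = {}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if cookie is not None:
            if name != cookie:
                continue
        elif not any(re.search(p, name, re.I) for p in SESSION_PATTERNS):
            continue
        issues = []
        if https and "secure" not in attrs:
            issues.append("secure flag not set and HTTPS in use")
        if "httponly" not in attrs:
            issues.append("httponly flag not set")
        if issues:
            findings[name] = issues
    return findings

# Constructed Set-Cookie values: mixed attribute casing, a cookie whose
# *value* is the word "secure", and a non-session cookie.
SAMPLE = [
    "PHPSESSID=abc123; path=/; HttpOnly",
    "session_id=secure; Path=/admin/",
    "theme=dark; Path=/",
    "ASPSESSIONIDASDF=xyz; path=/; SECURE",
]

if __name__ == "__main__":
    for name, issues in check_cookies(SAMPLE, https=True).items():
        print(name, issues)
```
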

Requires


Author:

  • Steve Benson

License: Same as Nmap--See https://nmap.org/book/man-legal.html
