Script `http-trace`

Script types: portrule
Categories: vuln, discovery, safe
Download: https://svn.nmap.org/nmap/scripts/http-trace.nse

Script Summary

Sends an HTTP TRACE request and shows if the method TRACE is enabled. If debug is enabled, it returns the header fields that were modified in the response.

Script Arguments

http-trace.path: Path to URI
slaxml.debug: See the documentation for the slaxml library.
http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent: See the documentation for the http library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername: See the documentation for the smbauth library.

Example Usage

nmap --script http-trace -d <ip>

Script Output

80/tcp open  http    syn-ack
| http-trace: TRACE is enabled
| Headers:
| Date: Tue, 14 Jun 2011 04:41:28 GMT
| Server: Apache
| Connection: close
| Transfer-Encoding: chunked
|_Content-Type: message/http

Requires

Author:

Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See https://nmap.org/book/man-legal.html

action

action (host, port)

MAIN

Parameters

host
port

Script http-trace

Script Summary

Script Arguments

Example Usage

Script Output

Requires

action

Parameters

Script `http-trace`