312-50V11 · Question #784
When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT
The correct answer is A. http-methods. The Nmap NSE script http-methods enumerates the HTTP methods supported by a web server, including potentially dangerous ones like PUT and DELETE.
Question
When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task?
Options
- Ahttp-methods
- Bhttp enum
- Chttp-headers
- Dhttp-git
How the community answered
(32 responses)- A88% (28)
- B6% (2)
- C3% (1)
- D3% (1)
Why each option
The Nmap NSE script http-methods enumerates the HTTP methods supported by a web server, including potentially dangerous ones like PUT and DELETE.
The http-methods Nmap NSE script sends OPTIONS and other probe requests to a web server to discover which HTTP methods - GET, POST, HEAD, PUT, DELETE, TRACE - are enabled. It specifically flags potentially risky methods like PUT and DELETE that could allow unauthorized file uploads or deletions on the target server.
http-enum is an NSE script used to enumerate web directories, files, and resources on a server - not to list supported HTTP methods.
http-headers retrieves and displays the HTTP response headers from a web server but does not enumerate or test supported HTTP methods.
http-git checks whether a web server exposes a .git directory that could leak source code, and has no capability to enumerate HTTP methods.
Concept tested: Nmap NSE script for HTTP method enumeration
Source: https://nmap.org/nsedoc/scripts/http-methods.html
Topics
Community Discussion
No community discussion yet for this question.