OWASP

CM-008

OWASP-CM-008 tests which HTTP methods are available on a website.

Parser

synopsis: Specialized ptp.libptp.parser.AbstractParser classes for the tool OWASP-CM-008.
class ptp.tools.owasp.cm008.parser.OWASPCM008Parser(pathname='./', filename='*', light=False, first=True)

OWASPCM008 specialized parser.

__tool__ = 'owasp-cm-008'
classmethod is_mine(pathname, filename='*', light=True, first=False)

Check if it can handle the report file.

Parameters:
  • pathname (str) – Path to the report directory.
  • filename (str) – Regex matching the report file.
  • light (bool) – True to only parse the ranking of the findings from the report.
  • first (bool) – Only process first file (True) or each file that matched (False).
Raises:
  • IOError – when the report file cannot be found.
  • OSError – when the report file cannot be found.
Returns: True if it supports the report, False otherwise.
Return type: bool

parse_metadata()

Parse the metadata of the report.

Returns: The metadata of the report.
Return type: dict
parse_report()

Parse the results of OWASP-CM-008.

Returns: List of dicts where each one represents a discovery.
Return type: list

Signatures

synopsis: OWASP-CM-008 does not provide a ranking for the allowed HTTP methods it has found. This file tries to define a ranking for each possible method.
ptp.tools.owasp.cm008.signatures.SIGNATURES = {'PUT': 4, 'DELETE': 4, 'CONNECT': 3, 'TRACE': 2, 'HEAD': 2}
Data: dict of the methods with their rank.
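
The ranking above applied to the Allow headers of an OPTIONS response, as an added example that is not PTP's own code and does not reflect how OWASPCM008Parser reads its report. The function names, the discovery dict keys and the sample response are assumptions made for illustration; only the SIGNATURES table is taken from this page.

```python
# Added example, not PTP code. SIGNATURES is copied from this page; the
# function names, dict keys and sample response are assumptions.
SIGNATURES = {'PUT': 4, 'DELETE': 4, 'CONNECT': 3, 'TRACE': 2, 'HEAD': 2}

# Constructed OPTIONS response: lower-case header name, a second Allow
# header, uneven spacing and a duplicated method.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: example\r\n"
    "allow: GET, HEAD, POST, PUT\r\n"
    "Allow: OPTIONS,TRACE, PUT\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def allowed_methods(raw_response):
    """Return the unique methods listed in every Allow header, in order."""
    head = raw_response.split("\r\n\r\n", 1)[0]   # ignore the body
    methods = []
    for line in head.splitlines()[1:]:            # skip the status line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; method tokens are not.
        if not sep or name.strip().lower() != "allow":
            continue
        for token in value.split(","):
            method = token.strip()
            if method and method not in methods:
                methods.append(method)
    return methods


def rank_methods(raw_response, signatures=SIGNATURES):
    """Build one discovery per ranked method, highest rank first.

    Methods absent from the table (GET, POST, OPTIONS, ...) are skipped.
    """
    found = [{"method": m, "ranking": signatures[m]}
             for m in allowed_methods(raw_response) if m in signatures]
    return sorted(found, key=lambda d: (-d["ranking"], d["method"]))


def highest_ranking(raw_response, signatures=SIGNATURES):
    """Overall rank of the response: the maximum rank found, or None."""
    ranks = [d["ranking"] for d in rank_methods(raw_response, signatures)]
    return max(ranks, default=None)
```
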