Listing supported HTTP methods
Web servers support different HTTP methods on their configuration and software, and some of them could be dangerous under certain conditions. System administrators and penetration testers need a way of quickly listing the available methods. Nmap NSE has few scripts that will allow us not only to list these potentially dangerous methods, but to test if they are also accessible.
This recipe shows you how to use Nmap to enumerate all the HTTP methods supported by a web server.
How to do it...
Open a terminal and enter the following command:
$ nmap -p80,443 --script http-methods,http-trace --script-args http-methods.test-all=true <target>
The results will include the supported methods for every web server detected on ports 80
or 443
:
$ nmap -p80--script http-methods,http-trace --script-args http-methods.test -all=true 127.0.0.1
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000042s latency).
PORT STATE SERVICE
80/tcpopen http
...