Enumerating the supported HTTP methods of a web server using Nmap

in nmap •  5 years ago  (edited)

Motivation


Some HTTP methods can introduce vulnerabilities under certain conditions. System administrators and hackers who work on web servers should check for them. The Nmap NSE scripts http-methods and http-trace let us not only list the HTTP methods, but also test whether they are actually accessible.

nmap -p80,443 --script http-methods,http-trace --script-args http-methods.test-all=true {target specification}



The results will include the supported HTTP methods for every web server detected on ports 80 or 443. To check additional ports, modify the -p option.

How does it work?


The NSE script http-methods uses a predefined list of methods to determine which methods a web server supports. The HTTP method OPTIONS is implemented in web servers to inform clients of the supported methods. However, this method does not take configuration or firewall rules into consideration, so a method listed by OPTIONS is not necessarily accessible to you. Therefore, the script http-methods will individually try the methods GET, HEAD, POST, OPTIONS, TRACE, DELETE, CONNECT, and PUT if the script argument test-all is true.
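The gap between advertised and accessible methods described above, as an added Python example (not from the original post and not Nmap's own code). DemoHandler is a constructed loopback server, and treating 403, 405 and 501 as "not accessible" is an assumption of this example.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# The methods the post lists for http-methods when test-all is true.
METHODS = ["GET", "HEAD", "POST", "OPTIONS", "TRACE", "DELETE", "CONNECT", "PUT"]

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed server: advertises PUT/DELETE but rejects them; TRACE works unadvertised."""
    ADVERTISED = "GET, HEAD, POST, OPTIONS, PUT, DELETE"
    ACCEPTED = {"GET", "HEAD", "POST", "OPTIONS", "TRACE"}
    def _reply(self):
        self.send_response(200 if self.command in self.ACCEPTED else 405)
        self.send_header("Allow", self.ADVERTISED)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_HEAD = do_POST = do_OPTIONS = do_TRACE = do_DELETE = do_CONNECT = do_PUT = _reply
    def log_message(self, *args): pass  # keep the demo quiet

def probe(host, port, method):
    """Send one request with the given method; return (status, Allow header or None)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request(method, "/")
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, resp.getheader("Allow")

def audit(host, port):
    """Compare what OPTIONS advertises with what each method probe actually returns."""
    _, allow = probe(host, port, "OPTIONS")
    advertised = {m.strip().upper() for m in (allow or "").split(",") if m.strip()}
    # Assumption of this example: 403, 405 and 501 mean the method is not accessible.
    accepted = {m for m in METHODS if probe(host, port, m)[0] not in (403, 405, 501)}
    return {
        "advertised_only": sorted(advertised - accepted),  # listed, but blocked
        "unadvertised": sorted(accepted - advertised),     # works, but not listed
    }

def run_demo():
    with HTTPServer(("127.0.0.1", 0), DemoHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return audit("127.0.0.1", server.server_port)
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(run_demo())
```

Either non-empty list is worth reviewing on a server you administer: a method that works without being advertised is the case an OPTIONS-only check misses.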

The HTTP TRACE method is designed for diagnostic or debugging purposes. If enabled, the web server will respond to requests that use the TRACE method by echoing in its response the exact request that was received. The script http-trace utilizes this feature. It sends an HTTP TRACE request and returns any header fields that were modified in the response.
