Listing supported HTTP methods
Web servers support different HTTP methods on their configuration and software, and some of them could be dangerous under certain conditions. System administrators and penetration testers need a way of quickly listing the available methods. NSE has a few scripts that allow us to list these potentially dangerous methods and test whether they are also accessible.
This recipe shows you how to use Nmap to enumerate all the HTTP methods supported by a web server.
How to do it...
Open a terminal and enter the following command:
$ nmap -p80,443 --script http-methods --script-args http- methods.test-all=true <target>
The results will include the supported methods for every web server detected on ports 80
or 443
:
Nmap scan report for localhost (127.0.0.1) Host is up (0.000042s latency). PORT STATE SERVICE 80/tcp open      http | http-methods: |     Supported Methods: GET HEAD POST...