by This is a small script that uses netcat in order to connect to a remote web server and to discover which HTTP methods supports.You can see below the source code:
#!/bin/bash
for webservmethod in GET POST PUT TRACE CONNECT OPTIONS PROPFIND;
do
printf "$webservmethod " ;
printf "$webservmethod / HTTP/1.1\nHost: $1\n\n" | nc -q 1 $1 80 | grep "HTTP/1.1"
done
In the next image you can see the script in use:
Penetration Testing Lab 
Nice one!
Sometimes i’m getting “Length Required” for POST/PUT which means normally behavioral.
May be you need to update the script with new input of content-length.
Cheers
#!/bin/bash
if [ -z $1 ]; then echo “Syntax: ./webSrvMethods.sh example.com 80”
else
echo
printf “HEAD / HTTP/1.1\nHost: $1\n\n” | nc -v -w1 $1 $2
for webservmethod in GET POST PUT TRACE CONNECT OPTIONS PROPFIND DELETE;
do
printf “$webservmethod ” ;
printf “$webservmethod / HTTP/1.1\nHost: $1\n\n” | nc -v -w1 $1 $2 | grep “HTTP/1”;
done
echo
fi
Don’t forget, you can do
OPTIONS *
as well.
With HTTP 1.1 I’ve found a lot of servers respond to undefined methods as though they were GETs which is useful for bypassing defences which pattern match GET … So it is useful to add a bogus method in as well just to see how the server responds to it.
And Sun Tzu, I’d make the host header optional, it is sometimes worth checking the bare IP as well.
In Burp Intruder, Payloads,Payload Options (Simple list) there is ‘HTTP Verbs’ you can just set this around the §GET§ or whatever and it will quickly give you all the information you need – without leaving burp 🙂 – you can also add bogus one’s to it*
There is also an NMAP script “http-methods.nse” that you can use to find this.
nmap -p 80 example.com –script http-methods
-Aaron B.