[Nikto-discuss] Allowed HTTP Methods means

Sullo csullo at gmail.com
Wed Dec 7 15:28:11 CST 2011


On Wed, Dec 7, 2011 at 4:36 AM, 喻方 <yufangboy at gmail.com> wrote:
> Hello!
> I am a new user of nikto, thanks for your explaination!
> I don't the following message from nikto scaning.
> +GET /: Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
> + GET /: Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
>
> what is the  difference between Allowed HTTP Methods and Public HTTP Methods?

It depends on if they arrive back to nikto in the Allow or Public
headers, based on an OPTIONS request. See:
http://www.w3.org/Protocols/HTTP/Object_Headers.html

> what is the mean of every message GET,HEAD?

These are the types of requests made, in this case, GET or HEAD.

Your allowed header line doesn't look quite right though--which
version are you using?  The latest should look something like:
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS



-- 

http://www.cirt.net     |      http://richsec.com/


More information about the Nikto-discuss mailing list