Automated bash script to test HTTP HEADER Response

With the code below we can automate testing which HTTP methods a web server or website allows. The HTTP methods tested here are: GET, HEAD, POST, PUT, TRACE, CONNECT, OPTIONS and DELETE.
We have also used JAFFA, an arbitrary method, to see what response the server returns. If it is status 200 OK then it can be vulnerable.
The image below shows which HTTP methods are safe and which we should not allow.
[Image: HTTP header functions]

CODE:

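#!/bin/bash
# Usage: ./script.sh HOST
# Sends one request per HTTP method to port 80 of HOST and prints the status line returned.

host="${1:?Usage: $0 HOST}"

for method in GET HEAD POST PUT TRACE CONNECT OPTIONS DELETE JAFFA
do
  printf '%s ' "$method"
  # HTTP needs CRLF line endings; Connection: close makes the server end the response.
  # If no status line comes back, print a newline so each method stays on its own line.
  printf '%s / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$method" "$host" \
    | nc -i 1 "$host" 80 | grep -m 1 '^HTTP/1\.' || printf '\n'
done

printf '\n'
# You can also test the allowed HTTP methods using nmap:
# nmap -p 80 --script http-methods IP_ADDRESS/SITE_NAME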
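
To read the script's output quickly, the following added example (not part of the original post) classifies each "METHOD status-line" row it prints. The verdict names, the list of methods treated as expected (GET, HEAD, POST, OPTIONS) and the sample rows are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: interprets "METHOD status-line" rows such as "PUT HTTP/1.1 405 ...".
# Verdict names and the "expected methods" list are assumptions, not from the post.

# classify_line METHOD STATUS_CODE -> prints one verdict word
classify_line() {
  local method="$1" code="$2"
  case "$code" in
    2??) ;;                                  # accepted: judge by method below
    *) echo "not-accepted"; return ;;        # 3xx/4xx/5xx: server did not honour it
  esac
  case "$method" in
    GET|HEAD|POST|OPTIONS) echo "ok" ;;
    TRACE)                 echo "review-trace-enabled" ;;
    PUT|DELETE|CONNECT)    echo "review-method-enabled" ;;
    *)                     echo "review-unknown-method-accepted" ;;  # e.g. JAFFA
  esac
}

# classify_report: reads rows on stdin, prints "METHOD CODE VERDICT" per row
classify_report() {
  local method proto code rest
  # Status lines end in CR LF, so drop the CR before splitting into fields
  tr -d '\r' | while read -r method proto code rest; do
    if [ -z "$method" ]; then continue; fi
    if [ -z "$code" ]; then
      echo "$method no-response"             # method name with no status line
    else
      echo "$method $code $(classify_line "$method" "$code")"
    fi
  done
}

# Constructed sample rows (not captured from a real server)
sample_report() {
  cat <<'EOF'
GET HTTP/1.1 200 OK
PUT HTTP/1.1 405 Method Not Allowed
TRACE HTTP/1.1 200 OK
JAFFA HTTP/1.1 200 OK
CONNECT
EOF
}

sample_report | classify_report
```

Rows marked with a "review-" verdict are the ones to check against the server configuration.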

Read more about HTTP methods testing and the vulnerabilities that can be exploited using those methods here: https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)

Sanjeev Jaiswal

He loves web programming and security and is a co-founder of Alien Coders. He usually shares knowledge with and helps engineering students and IT professionals in academics and jobs. An avid reader and quick learner.
