Automated bash script to test HTTP HEADER Response

The code below automates testing which HTTP methods a web server or website allows. The HTTP methods we can test here are: GET HEAD POST PUT TRACE CONNECT DELETE
JAFFA is an arbitrary method, used to see what response the server returns. If the status is 200 OK, the server can be vulnerable.
The image below shows which HTTP methods are safe and which we should not allow.
[Image: http header functions]

CODE:

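#!/bin/bash
# Usage: pass the target hostname as the first argument ($1).
# Sends one request per method to port 80 and prints the status line returned.

for method in GET HEAD POST PUT TRACE CONNECT OPTIONS DELETE JAFFA
do
  printf '%s ' "$method"
  # HTTP header lines end in CRLF; an empty line ends the request
  printf '%s / HTTP/1.1\r\nHost: %s\r\n\r\n' "$method" "$1" | nc -i 1 "$1" 80 | grep "HTTP/1.1"
done

printf "\n"
# You can also test HTTP methods using nmap
# nmap -p 80 --script http-methods IP_ADDRESS/SITE_NAME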

Read more about HTTP methods testing and the vulnerabilities that can be exploited using those methods here: https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
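
To turn the script's output into findings, the following added example (not part of the original post) classifies each "METHOD HTTP/1.1 CODE" line, including the case where a method received no status line and its name runs into the next line. The function name review_methods, the verdict labels, and the risky-method list (PUT, DELETE, TRACE, CONNECT, taken from the OWASP guide linked above) are assumptions, and the sample output is constructed.

```bash
#!/bin/bash
# Added example: classify the "METHOD HTTP/1.1 CODE reason" lines printed by a
# method probe. RISKY_METHODS is an assumption drawn from the OWASP guide
# linked on this page; adjust it to your own policy.
RISKY_METHODS="PUT DELETE TRACE CONNECT"
STANDARD_METHODS="GET HEAD POST OPTIONS $RISKY_METHODS"

# Reads probe output on stdin and writes one "METHOD CODE VERDICT" line each.
review_methods() {
  tr -d '\r' | while read -r line || [ -n "$line" ]; do
    set -f; set -- $line; set +f      # split into words without globbing
    # A method that got no status line leaves its name glued to the next line.
    while [ "$#" -gt 0 ]; do
      case "${2:-}" in HTTP/*) break ;; esac
      printf '%s none no-response\n' "$1"
      shift
    done
    if [ "$#" -eq 0 ]; then continue; fi
    method=$1
    code=${3:-none}
    case "$code" in
      2[0-9][0-9])
        case " $RISKY_METHODS " in
          *" $method "*) verdict="REVIEW:risky-method-enabled" ;;
          *) case " $STANDARD_METHODS " in
               *" $method "*) verdict="ok:allowed" ;;
               *) verdict="REVIEW:arbitrary-method-accepted" ;;
             esac ;;
        esac ;;
      405|501) verdict="ok:rejected" ;;
      [1-5][0-9][0-9]) verdict="info:check-manually" ;;
      *) code="none"; verdict="error:bad-status-line" ;;
    esac
    printf '%s %s %s\n' "$method" "$code" "$verdict"
  done
}

# Constructed sample output, not captured from a real server. PUT received no
# status line, so its name runs into the TRACE line.
SAMPLE_OUTPUT='GET HTTP/1.1 200 OK
PUT TRACE HTTP/1.1 200 OK
DELETE HTTP/1.1 405 Method Not Allowed
OPTIONS HTTP/1.1 403 Forbidden
JAFFA HTTP/1.1 200 OK'

printf '%s\n' "$SAMPLE_OUTPUT" | review_methods
```

Pipe the probe script's output into review_methods to get one verdict per method.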
