Description
This plugin finds which HTTP methods are enabled for a URI. Two configurable parameters exist:
- execOneTime
- reportDavOnly
If “execOneTime” is set to True, then only the methods in the webroot are enumerated. If “reportDavOnly” is set to True, this plugin will only report the enabled method list if DAV methods have been found. The plugin will try to use the OPTIONS method to enumerate all available methods, if that fails, a manual enumeration is done.
Plugin type
Options
| Name | Type | Default Value | Description | Help |
| execOneTime | boolean | True | Execute plugin only one time | Generally the methods allowed for a URL are configured system wide, so executing this plugin only once is the faster choice. The most accurate choice is to run it against every URL. |
| reportDavOnly | boolean | True | Only report findings if uncommon methods are found | No detailed help available |
Source
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin has no dependencies.
