Forum Thread: Nikto HTTP METHOD OPTIONS Help Please

Nikto is driving me nuts. i am trying to scan a machine from vulnhub and i know the site allows PUT when i enter curl -X OPTIONS -v http://192.168.56.101/test

  • Trying 192.168.56.101...
  • TCP_NODELAY set
  • Connected to 192.168.56.101 (192.168.56.101) port 80 (#0)

OPTIONS /test HTTP/1.1
> Host: 192.168.56.101
> User-Agent: curl/7.61.0
> Accept: /
>
< HTTP/1.1 301 Moved Permanently
< DAV: 1,2
< MS-Author-Via: DAV
< Allow: PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK, UNLOCK
< Location: http://192.168.56.101/test/
< Content-Length: 0
< Date: Thu, 22 Nov 2018 21:44:27 GMT
< Server: lighttpd/1.4.28

How ever i also wanted to try this with nikto just for practise. but nikto only return http method GET. i tried google the manual the write up on the kali site but nothing is working.

the nikto output looks like this: nikto -host http://192.168.56.101/test

  • Nikto v2.1.6

---------------------------------------------------------------------------

  • Target IP: 192.168.56.101
  • Target Hostname: 192.168.56.101
  • Target Port: 80
  • Start Time: 2018-11-22 21:47:05 (GMT1)

---------------------------------------------------------------------------

  • Server: lighttpd/1.4.28
  • The anti-clickjacking X-Frame-Options header is not present.
  • The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  • The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  • All CGI directories 'found', use '-C none' to test none
  • OSVDB-3268: /test/: Directory indexing found.
  • 26188 requests: 0 error(s) and 4 item(s) reported on remote host
  • End Time: 2018-11-22 21:47:56 (GMT1) (51 seconds)

---------------------------------------------------------------------------

  • 1 host(s) tested

i do not understand why i virtually every example i see the http method options are displayed but whatever i try with niktop i only get thet GET methods (also tried verbose and everything)

thx

Get The Null Byte Newsletter

Never miss a new hacking or security guide

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active