Forum Thread: Nikto HTTP METHOD OPTIONS Help Please

Nikto is driving me nuts. i am trying to scan a machine from vulnhub and i know the site allows PUT when i enter curl -X OPTIONS -v

  • Trying
  • Connected to ( port 80 (#0)

OPTIONS /test HTTP/1.1
> Host:
> User-Agent: curl/7.61.0
> Accept: /
< HTTP/1.1 301 Moved Permanently
< DAV: 1,2
< MS-Author-Via: DAV
< Location:
< Content-Length: 0
< Date: Thu, 22 Nov 2018 21:44:27 GMT
< Server: lighttpd/1.4.28

How ever i also wanted to try this with nikto just for practise. but nikto only return http method GET. i tried google the manual the write up on the kali site but nothing is working.

the nikto output looks like this: nikto -host

  • Nikto v2.1.6


  • Target IP:
  • Target Hostname:
  • Target Port: 80
  • Start Time: 2018-11-22 21:47:05 (GMT1)


  • Server: lighttpd/1.4.28
  • The anti-clickjacking X-Frame-Options header is not present.
  • The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  • The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  • All CGI directories 'found', use '-C none' to test none
  • OSVDB-3268: /test/: Directory indexing found.
  • 26188 requests: 0 error(s) and 4 item(s) reported on remote host
  • End Time: 2018-11-22 21:47:56 (GMT1) (51 seconds)


  • 1 host(s) tested

i do not understand why i virtually every example i see the http method options are displayed but whatever i try with niktop i only get thet GET methods (also tried verbose and everything)


Join the Next Reality AR Community

Get the latest in AR — delivered straight to your inbox.

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active