From yufangboy at gmail.com  Wed Dec  7 03:36:37 2011
From: yufangboy at gmail.com (=?GB2312?B?0/e3vQ==?=)
Date: Wed, 7 Dec 2011 17:36:37 +0800
Subject: [Nikto-discuss] Allowed HTTP Methods means
Message-ID: <CAFNy7CNBhyZBm=Af+P-gsvfk=YQmm-J-UawYaTP+2NtBTmoygg@mail.gmail.com>

Hello!
I am a new user of nikto, thanks for your explaination!
I don't the following message from nikto scaning.
+GET /: Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
+ GET /: Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST

what is the  difference between Allowed HTTP Methods and Public HTTP Methods?
what is the mean of every message GET,HEAD?

Thanks!

From csullo at gmail.com  Wed Dec  7 15:28:11 2011
From: csullo at gmail.com (Sullo)
Date: Wed, 7 Dec 2011 16:28:11 -0500
Subject: [Nikto-discuss] Allowed HTTP Methods means
In-Reply-To: <CAFNy7CNBhyZBm=Af+P-gsvfk=YQmm-J-UawYaTP+2NtBTmoygg@mail.gmail.com>
References: <CAFNy7CNBhyZBm=Af+P-gsvfk=YQmm-J-UawYaTP+2NtBTmoygg@mail.gmail.com>
Message-ID: <CA+KRv600nDGXLWoz9gm3sRqNvyyoXTcd5USiYC+FV-8Tboz1bw@mail.gmail.com>

On Wed, Dec 7, 2011 at 4:36 AM, ?? <yufangboy at gmail.com> wrote:
> Hello!
> I am a new user of nikto, thanks for your explaination!
> I don't the following message from nikto scaning.
> +GET /: Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
> + GET /: Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
>
> what is the ?difference between Allowed HTTP Methods and Public HTTP Methods?

It depends on if they arrive back to nikto in the Allow or Public
headers, based on an OPTIONS request. See:
http://www.w3.org/Protocols/HTTP/Object_Headers.html

> what is the mean of every message GET,HEAD?

These are the types of requests made, in this case, GET or HEAD.

Your allowed header line doesn't look quite right though--which
version are you using?  The latest should look something like:
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS



-- 

http://www.cirt.net? ?? |? ? ? http://richsec.com/