Our Blog

HTTP Methods per Directory

Reading time ~1 min

A very common finding in our day to day vulnerability management endevours is the HTTP Methods Per Directory.

In its most basic form, HackRack will determine which HTTP methods are allowed on various web or CGI directories by calling the OPTIONS methods per directory. On its own it is not always significant but as soon as you have directories that allow for PUT or DELETE, and weak directory permissions are in place, the picture can become much more colourful.

For some of our clients who have hundreds of websites exposed to the Intertubes, the requirement was there to have a quick and dirty miner that can crawl the various websites where HTTP methods were identified per directory.Seeing that we are lazy to a fault and would rather do things with 3 lines of Python code, we wrote this script to automate the whole procedure for you. For your convenience we added a parameter that will drive the depth to which the miner will go to find methods and directories.

As a user, you would still be required to confirm the permission on the directories where interesting methods are identified.

The package consists of:

mpd-80.py is the port 80 checker.
mpd-443.py is the ssl / port 443 checker.

Usage for both:

python appname site levels-down
eg:
python mpd-80.py http://www.foo.com/ 2

This tool can be found on our Labs page at http://www.sensepost.com/labs/tools/misc

Enjoy