2

I've received the results of a pen test and there is some unwanted exposure in the HTTP OPTIONS where the fact that Frontpage Server Extensions was available (now removed) was reported.

I need to run a check on the OPTIONS to see whether it has been removed. The test output from the report is below, I need to recreate it to establish that it has gone but don't know how to check the OPTIONS, I can only find tools that seem to check the "HEAD / HTTP/1.1".

Does anyone know how to test this - I'm running a Windows environment?

Many thanks

OPTIONS / HTTP/1.1
Host: www.website.com
HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD
Content-Length: 0
Server: Microsoft-IIS/6.0
Public: OPTIONS, TRACE, GET, HEAD, POST
MS-Author-Via: MS-FP/4.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Date: Fri, 01 Feb 2010 16:09:15 GMT
Chris
  • 164
  • 2
  • 9

3 Answers3

4

There is a website I use a lot to do different network related tests. Especially if I want to be able to look at something from outside my network. It's http://www.network-tools.com
They have an option for HTTP headers which should give you the info you're looking for.

EDIT:
After some looking online you can do it manually through telnet with the following commadns:

# telnet www.example.com 80
Connected to www.example.com.
Escape character is '^]'.

OPTIONS * HTTP/1.1
Host: www.example.com

Press enter twice after the last line.

Though when I tested this on my site I received the same info.

einstiien
  • 2,568
  • 18
  • 18
0

You can use a network testing tool like nessus to verify your setup.

Dan Andreatta
  • 5,454
  • 2
  • 24
  • 14
0

I like to use this Free HTTP Headers Testing tool to send, get and custom HTTP headers