This is a proof of concept code to test for the Optionsbleed bug in Apache httpd (CVE-2017-9798).
Modified by MickCue: Uses requests and supports cookies to test authenticated URLs.
optionsbleed [-h] [-n N] [-a] [-u] hosttocheck Check for the Optionsbleed vulnerability (CVE-2017-9798). positional arguments: hosttocheck The hostname you want to test against optional arguments: -h, --help show this help message and exit -n N number of tests (default 10) -a, --all show headers from hosts without problems -u, --url pass URL instead of hostname -c, --cookie pass cookie value e.g. -c Session=53454bfgb -m, --methods test for malicious HTTP methods Tests server for Optionsbleed bug and other bugs in the allow header. Tests for HTTP methods Tests for clickjacking
The script outputs the returned Allow header and prefixes it with an explanation what is wrong with it.
A corrupted header was sent, very likely the Optionsbleed bug.
An empty header was sent, which is bogus.
The list of methods was space-separated instead of comma-separated.
This is a bug, but harmless. It may be Launchpad bug #1717682.
Some methods were sent multiple times in the list.
This is a bug, but harmless. It may be Apache bug #61207.
Nothing wrong with this header (only sent with -a/--all).