Friday, July 6, 2012

Web server Fingerprinting


| Method | Explanation |
| --- | --- |
| HEAD | Asks for a response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content. |
| GET | Requests a representation of the specified resource. Requests using GET should only retrieve data and should have no other effect. (This is also true of some other HTTP methods.) The W3C has published guidance principles on this distinction, saying, "Web application design should be informed by the above principles, but also by the relevant limitations." |
| POST | Submits data to be processed (e.g., from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource, the update of existing resources, or both. |
| PUT | Uploads a representation of the specified resource. |
| DELETE | Deletes the specified resource from a web server. It can be potentially dangerous as well. An attacker can use this to delete sensitive data or completely destroy a website. |
| TRACE | Echoes back the received request, so that a client can see what (if any) changes or additions have been made by intermediate servers. |
| OPTIONS | Returns the HTTP methods that the server supports for the specified URL. This can be used to check the functionality of a web server by requesting '*' instead of a specific resource. Using the OPTIONS verb, we can check whether more dangerous verbs such as PUT or DELETE are available. |
| CONNECT | Converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy. |
| PATCH | Is used to apply partial modifications to a resource. |
HTTP servers are required to implement at least the GET and HEAD methods and, whenever possible, also the OPTIONS method.
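For auditing your own server, the OPTIONS check described above can be run over a saved response. The following is an added example, not code from the original post: it parses the `Allow` header and reports which advertised methods fall in the risky set (PUT and DELETE by default, as named above) and whether GET and HEAD are missing. The function names and sample responses are constructed for illustration.

```python
REQUIRED = {"GET", "HEAD"}         # methods the text says every server must implement
RISKY_DEFAULT = {"PUT", "DELETE"}  # verbs the text names as dangerous; extend per policy

# Constructed sample responses to "OPTIONS / HTTP/1.1" (not captured from a real host).
SAMPLE_RISKY = ("HTTP/1.1 200 OK\r\nServer: ExampleServer\r\n"
                "allow: OPTIONS, GET, HEAD, POST\r\nAllow: put,DELETE\r\n"
                "Content-Length: 0\r\n\r\n")
SAMPLE_OK = "HTTP/1.1 200 OK\r\nAllow: GET, HEAD, OPTIONS\r\n\r\n"
SAMPLE_SILENT = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"


def parse_allow(raw):
    """Return (status_code, set of methods) from a raw HTTP response string."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response: %r" % lines[0])
    methods = set()
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Header names are case-insensitive and Allow may appear more than once.
        # Method tokens are upper-cased here so sloppy server output still matches.
        if sep and name.strip().lower() == "allow":
            methods.update(m.strip().upper() for m in value.split(",") if m.strip())
    return int(parts[1]), methods


def audit(raw, risky=RISKY_DEFAULT):
    """Compare the advertised methods with the required and risky sets."""
    status, methods = parse_allow(raw)
    return {
        "status": status,
        "advertised": sorted(methods),
        "risky": sorted(methods & set(risky)),
        # Only meaningful when the server advertised something at all.
        "missing_required": sorted(REQUIRED - methods) if methods else [],
        # No Allow header: the OPTIONS answer proves nothing either way.
        "inconclusive": not methods,
    }


if __name__ == "__main__":
    for label, raw in (("risky", SAMPLE_RISKY), ("ok", SAMPLE_OK), ("silent", SAMPLE_SILENT)):
        print(label, audit(raw))
```

The `Allow` header is only what the server advertises, so a clean or empty result should be confirmed against the server's actual method configuration.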



More information

Tools
