This is a proof of concept code to test for the Optionsbleed bug in Apache httpd (CVE-2017-9798).
optionsbleed [-h] [-n N] [-a] [-u] hosttocheck Check for the Optionsbleed vulnerability (CVE-2017-9798). positional arguments: hosttocheck The hostname you want to test against optional arguments: -h, --help show this help message and exit -n N number of tests (default 10) -a, --all show headers from hosts without problems -u, --url pass URL instead of hostname Tests server for Optionsbleed bug and other bugs in the allow header. Automatically checks http://, https://, http://www. and https://www. - except if you pass -u/--url (which means by default we check 40 times.)
The script outputs the returned Allow header and prefixes it with an explanation what is wrong with it.
A corrupted header was sent, very likely the Optionsbleed bug.
An empty header was sent, which is bogus.
The list of methods was space-separated instead of comma-separated.
This is a bug, but harmless. It may be Launchpad bug #1717682.
Some methods were sent multiple times in the list.
This is a bug, but harmless. It may be Apache bug #61207.
Nothing wrong with this header (only sent with -a/--all).