Updated README.md

Issue #11: Alert on HTTP PATCH option

README.md

@@ -1,9 +1,11 @@
 nikto
 =====
 
-Nikto web server scanner
+Nikto web server scanner  - https://cirt.net/Nikto2
 
-https://cirt.net/
+Full documentation - https://cirt.net/nikto2-docs/
+
+Basic usage:
 
 ```
    Options:
@@ -95,4 +97,4 @@ https://cirt.net/
        -Version           Print plugin and database versions
        -vhost+            Virtual host (for Host header)
               + requires a value
-```
+```

program/databases/db_httpoptions

@@ -16,6 +16,7 @@
 "999978","PUT","397","HTTP method ('@TYPE@' Header): 'PUT' method could allow clients to save files on the web server."
 "999982","MOVE","5647","HTTP method ('@TYPE@' Header): 'MOVE' may allow clients to change file locations on the web server."
 "999983","CONNECT","0","HTTP method ('@TYPE@' Header): 'CONNECT' may allow server to proxy client requests."
+"999984","PATCH","0","HTTP method: 'PATCH' may allow client to issue patch commands to server. See RFC-5789."
 # WebDAV methods - "0" in nikto_id tells the code to treat it differently
 "0","PROPFIND","0","webdav"
 "0","PROPPATCH","0","webdav"

program/plugins/nikto_httpoptions.plugin

@@ -58,11 +58,12 @@ sub nikto_httpoptions {
     # lots of FP on this one; disabling for now
     #if (($content ne '') && ($res !~ /^3\d\d$/)) { 
     #    add_vulnerability($mark, "Response body of OPTIONS / request is not empty--this may describe additonal REST/API services", 999980, 0, "OPTIONS", "/", $request, $response);
-#	}
+    #	}
 
     foreach my $o (split(/,[ ]?/, $aoptions)) {
         $allow_methods .= ", $o" unless ($allow_methods =~ /\b$o\b/ || $o eq '');
     }
+
     $allow_methods =~ s/^[ ]?, //;
     foreach my $o (split(/,[ ]?/, $poptions)) {
         $public_methods .= ", $o" unless ($public_methods =~ /\b$o\b/ || $o eq '');