How to identify the HTTP methods supported by a web server?

Per RFC2616, the OPTIONS method should return the supported methods. Keyword is should since this isn't always the case. As the prior posts have already pointed out each method needs to be tested separately to be sure.

As there are only few methods (OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE and CONNECT), you can use a script and nc to send a request to all allowed methods and parse the results:

for method in OPTIONS GET HEAD POST PUT DELETE TRACE CONNECT ; do 
    echo -e "\n\nTrying $method\n\n" 
    echo -e "$method / HTTP/1.1\nHost: server-hostname\nConnection: close\n\n" | nc server-hostname 80 | head 
    sleep 2
done

HTTP errors 400, 403, 405 and 406 generally are the types returned when trying to use a not implemented method.

The only way to identify the methods supported by a web server is to try each one and evaluate the response to determine if it indicates the method is supported or not. You can't simply query to ask which methods it supports; it won't give you a list.

That said, there are better tools than nc. Nmap and metasploit both support HTTP method scanning and essentially automate the work for you.