Vulnerability Development mailing list archives

Re: HTTP scanners?


From: rb () CYBERPUNK RU (rb)
Date: Tue, 25 Jan 2000 12:34:00 +0300


I haven't heard of such things, but for example you can tune the nmap scanner
to verify only 80, 8080, 8081 and other common HTTP ports and scan the whole
network,
or you can use Grinder by Rhino9 - it scans only port 80 of a subnet, but can
return the server version.
I think there is no way to detect an HTTP service except port scanning of
commonly used WWW service ports ...

Detecting the server version - just send, for example,
GET /no_such_url HTTP/1.1
to the WWW port and analyse the server output - in the Server header you will see
the server's version.

I think there is no use for this technology (scanning subnets for a WWW
service) except CGI exploiting.

If you really want it - use Grinder or nmap.

If you want to find some vulnerable script - use Grinder with a URL like /phf,
but you must know - Grinder doesn't use a proxy, so you leave fingerprints in
the server's logs and, as usual, if the admin is not dumb, he'll send mail to
abuse () yourprovider com with the date, time, your IP and a URL like /phf,
and if your provider's admin is not dumb too, or is not a friend of yours, he
will ask you what the hell you are doing.

P.S. Sorry for my English - I have a 3 in my school diary :)

-----Original Message-----
From: Scorpus Kahn <scorpus () CROSSWINDS NET>
To: VULN-DEV () SECURITYFOCUS COM <VULN-DEV () SECURITYFOCUS COM>
Date: January 25, 2000 8:46
Subject: HTTP scanners?

I don't know if I am asking the right question or not, but I want to know if
there is such a thing as an HTTP scanner? A small utility that allows you to
scan networks/domains for all hosts that have an httpd running on them and
will return the port number of the http server, and the make/version of the
software. Possibly into a nicely sorted log or database. If there is such a
thing what is it called?

-Rory Savage
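
An added example, not part of the original thread: the reply notes that a probe for a URL like /phf leaves the date, time, client IP and URL in the server's logs. The sketch below pulls exactly those fields out of access-log lines for an abuse report. It assumes Common Log Format; the sample lines, the probe-path list beyond /phf, and the "every request was a 404" heuristic are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# /phf comes from the post; /cgi-bin/phf is an assumed addition to the watch list.
PROBE_PATHS = ("/phf", "/cgi-bin/phf")

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jan/2000:12:01:07 +0300] "GET /index.html HTTP/1.0" 200 2310',
    '198.51.100.7 - - [25/Jan/2000:12:02:41 +0300] "GET /phf HTTP/1.0" 404 207',
    '203.0.113.5 - - [25/Jan/2000:12:03:15 +0300] "GET /no_such_url HTTP/1.1" 404 205',
    '192.0.2.10 - - [25/Jan/2000:12:04:00 +0300] "GET /missing.gif HTTP/1.0" 404 205',
]

def parse(line):
    """Return a dict for one log line, or None if it is not valid CLF."""
    m = CLF.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def abuse_report(lines):
    """Map client IP -> [(time, url, status)] for requests to watched probe
    paths, plus clients whose every request returned 404 (version-probe pattern)."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec["ip"]].append(rec)
    report = {}
    for ip, recs in by_ip.items():
        probes = [r for r in recs if r["url"].split("?")[0].lower() in PROBE_PATHS]
        if probes or all(r["status"] == 404 for r in recs):
            hits = probes or recs
            report[ip] = [(r["when"].isoformat(), r["url"], r["status"]) for r in hits]
    return report

if __name__ == "__main__":
    for ip, hits in abuse_report(SAMPLE_LOG).items():
        print(ip, hits)
```

The client at 192.0.2.10 is not reported: it has one 404 but also a successful page load, so it does not match either rule.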


