Re: Finding web servers with nmap

[Balaji Prasad <bpmlist () sonic net>]

Some deployments are smart enough to not run the webserver on port 80 .. 
but on some non-standard ports. In such cases, it is useful to run a 
small Expect script that can telnet to the port and do a HTTP GET 
operation .. depending on the response, you can whether it is a web 
server or not.

Jonathan Loh wrote:

> How about 
> nmap A.B.C.Start-Finish | sed -n -e '/^Int/p' -e '/^80/p'
>
> It'll give you all the IP's in that range and will give you all that are
> running http on port 80.
>
> --- Burton Strauss <Burton () FelisCatus org> wrote:
>
>  
>
> > Robin Keir (keir.net) has a free Windows program available, wotweb, which
> > does a simple scan for a range of IPs.  It's preloaded with checkboxes for
> > all the usual and many unusual web server ports.
> >
> > -----Burton
> >
> > -----Original Message-----
> > From: Denis [mailto:da_shestakov () myrealbox com] 
> > Sent: Wednesday, November 30, 2005 11:01 AM
> > To: security-basics () securityfocus com
> > Subject: Finding web servers with nmap
> >
> > Hi,
> >
> > I have a task to "relatively quickly" find all web servers (all hosts with
> > open port 80) in some particular network. It seems it can be done with the
> > nmap program. Could you advice me concerning the best options for running
> > nmap to accomplish this task? In particular, does the following command do
> > it right?
> > nmap -v -sS -PS80 -PA80 -p 80 -oG my.log -iL x.x.0-255.0-255 I am asking
> > that because I have a concern that the above command may miss some hosts.
> > However, it works faster than the command with "-P0 -p 80" ... 
> >
> > --
> > BR,
> >  Denis
> >
> >
> >    
>
>
>
>                 
> __________________________________ 
> Start your day with Yahoo! - Make it your home page! 
> http://www.yahoo.com/r/hs
>
>
>
>