Penetration Testing mailing list archives
Re: http fingerprinting
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: 10 Apr 2003 10:47:51 +0200
On Wed, 2003-04-09 at 02:57, Rick Hoekman wrote:
Anyone know if there are tools to fingerprint webservers that do not give away their type and version? As far as I know there is a paper/thesis on one tool called HMAP.pl. You can read it here http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf
The hmap code is located at : http://wwwcsif.cs.ucdavis.edu/~leed/hmap/ For Apache servers, you can use wh_fingerprint : http://www.whitehatsec.com/presentations/Black_Hat_Singapore_2002/wh_webserver_fingerprinter.tgz The following page (in French) is a list of applications/OS mappers : http://www.frbsd.org/fr/Analyseurs/ Regards, -- Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/ PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F -------------------------------------------------------------- Costs are climbing and complaints are rising as SPAM overloads your e-mail servers and Inboxes SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. http://www.securityfocus.com/SurfControl-pen-test2 Download a free trial and see just what's going in and out of your organization. --------------------------------------------------------------
Current thread:
- http fingerprinting Rick Hoekman (Apr 09)
- Re: http fingerprinting Eric Haugh (Apr 10)
- Re: http fingerprinting Franck Veysset (Apr 10)
- Re: http fingerprinting Nicolas Gregoire (Apr 10)
- Re: http fingerprinting Wojciech Pawlikowski (Apr 10)
- Re: http fingerprinting shawnmer (Apr 11)
- <Possible follow-ups>
- Re: http fingerprinting Bill Pennington (Apr 10)
- RE: http fingerprinting Dieter Sarrazyn (Apr 10)