Hi, I'm not sure if it's this you're looking for but a little trick I used with such a webserver was the following: The webserver didn't give away it's type & version when I used nc or telnet to grab it's banners but the following did work: Start a sniffer (e.g. ethereal) and browse to the website (on the same host). Then use the follow tcp stream function of ethereal on the first Syn, Syn/Ack, Ack combination and you should see the server version. At least this worked in my case, something worth to try? Regards, Dieter > -----Original Message----- > From: Rick Hoekman [mailto:rickat_private] > Sent: woensdag 9 april 2003 2:57 > To: pen-testat_private > Subject: http fingerprinting > > > Anyone know if there are tools to fingerprint webservers that > do not give away their type and version? > > As far as I know there is a paper/thesis on one tool called > HMAP.pl. You can read it here > http://seclab.cs.ucdavis.edu/papers/hmap-> thesis.pdf > > Thanks! > > > Rick > > -- > "I know that you all think > that I'm paranoid" -- anonymous "Paranoia is knowing all the > facts" -- Woody Allen "Paranoia is reality seen on a finer > scale." -- Philo Gant, Strange Days "Paranoia is heightened > awareness" -- anonymous > > > -------------------------------------------------------------- > Costs are climbing and complaints are rising > as SPAM overloads your e-mail servers and Inboxes > SurfControl E-mail Filter puts the brakes on spam & viruses > and gives you the reports to prove it. > http://www.securityfocus.com/SurfControl-pen-> test2 > Download a > free trial and see just > what's going in and > out of your organization. > -------------------------------------------------------------- > > -------------------------------------------------------------- Costs are climbing and complaints are rising as SPAM overloads your e-mail servers and Inboxes SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. http://www.securityfocus.com/SurfControl-pen-test2 Download a free trial and see just what's going in and out of your organization. --------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Apr 10 2003 - 14:38:30 PDT