Web server fingerprinting
Came across this cool program that able to detect what underlying web server you are running. The best part of httprint - is that it does not relies on the server banner string, but rather a set of unique server signatures to identify the web server. Masking tools like ServerMask for IIS and Mod_Security for Apache which help obfuscate the banner strings are unable to escape from this finger printing scan :) I spent 1 hour testing it this morning, it's pretty handy and tiny as well. However, the accuracy of the tool is still questionable... here's what I have tested
| www.microsoft.com |
80 |
|
Microsoft-IIS/6.0 |
|
Microsoft-IIS/6.0 |
| www.port80software.com |
80 |
|
Yes we are using ServerMask! |
|
Microsoft-IIS/5.1, Microsoft-IIS/5.0 ASP.NET, Microsoft-IIS/4.0 |
| www.intel.com |
80 |
|
IA Web Server/1.0 |
|
Microsoft-IIS/5.1, Microsoft-IIS/5.0 ASP.NET |
| www.linux.org |
80 |
|
Apache/2.2.0 (Fedora) |
|
Apache/2.0.x |
| www.ibm.com |
80 |
|
IBM_HTTP_Server |
|
Lotus-Domino/6.x |
| localhost |
80 |
|
- |
|
Microsoft-IIS/5.0, Microsoft-IIS/5.0 ASP.NET, Microsoft-IIS/4.0, Microsoft-IIS/URLScan |
| www.google.com.my |
80 |
|
GWS/2.1 |
|
GWS/2.1 Google Web Server |
If I'm not mistaken, Port80software and Intel are running on IIS6.0. For localhost entry, I'm actually using XP Pro with IIS 5.1 but it was reported as IIS5.0/blabla. I hide the banner using Urlscan :) Nevertheless, this tool has higher accuracy rate in term of underlying OS level detail.