Re: http fingerprinting

• Previous message: Indian Tiger: "Proof of Concept Tool on Web Application Security"
• In reply to: Rick Hoekman: "http fingerprinting"
• Next in thread: Wojciech Pawlikowski: "Re: http fingerprinting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Nicolas Gregoire <ngregoire@exaprobe.com>
To: Rick Hoekman <rick@paranoia.nl>
Date: 10 Apr 2003 10:47:51 +0200

On Wed, 2003-04-09 at 02:57, Rick Hoekman wrote:

> Anyone know if there are tools to fingerprint webservers that do not
> give away their type and version?
>
> As far as I know there is a paper/thesis on one tool called HMAP.pl. You
> can read it here http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf

The hmap code is located at :
http://wwwcsif.cs.ucdavis.edu/~leed/hmap/

For Apache servers, you can use wh_fingerprint :
http://www.whitehatsec.com/presentations/Black_Hat_Singapore_2002/wh_webserver_fingerprinter.tgz

The following page (in French) is a list of applications/OS mappers :
http://www.frbsd.org/fr/Analyseurs/

Regards,

-- 
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
--------------------------------------------------------------
Costs are climbing and complaints are rising
as SPAM overloads your e-mail servers and Inboxes
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it.
http://www.securityfocus.com/SurfControl-pen-test2
Download a free trial and see just
what's going in and out of your organization. 
--------------------------------------------------------------

• Previous message: Indian Tiger: "Proof of Concept Tool on Web Application Security"
• In reply to: Rick Hoekman: "http fingerprinting"
• Next in thread: Wojciech Pawlikowski: "Re: http fingerprinting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]