Penetration Testing mailing list archives
Re: [PEN-TEST] "Type-of-webserver"-scanner?
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Tue, 12 Dec 2000 14:32:44 -0500
On Tue, 12 Dec 2000, Jay D. Dyson wrote:
> One element that complicated matters was that not everyone was running a webserver on port 80. There were systems running httpd on ports 81, 8000, 8080, 8100, 8888 and so on. I even went a step further and considered systems that were exclusively running https on port 443.
you may want to couple, or prepare a list of targets, your scan with sniffing traffic for Server type strings in HTTP headers. using ngrep, you can come up with a pretty ready filter to look for HTTP header info, which normally looks like this:

HTTP/1.1 200 OK
Date: Tue, 12 Dec 2000 19:32:06 GMT
Server: Apache/1.3.6 (Unix) PHP/3.0.12 mod_ssl/2.3.11 OpenSSL/0.9.4
Last-Modified: Mon, 01 Feb 1999 22:26:20 GMT
ETag: "585d0-4b2-36b62a0c"
Accept-Ranges: bytes
Content-Length: 1202
Connection: close
Content-Type: text/html

i like ngrep for this kind of work, http://www.packetfactory.net/ should have the tool.

____________________________
jose nazario jose () cwru edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
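
The Server-header approach described in the message above, as an added example that is not part of the original post: it takes response payloads that a sniffer has already captured and lists which software and version strings each server endpoint discloses, whatever port it answers on. The function names, the tuple layout and the 192.0.2.x sample captures are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Product tokens such as "Apache/1.3.6", with optional "(comment)" parts.
PRODUCT = re.compile(r"\(([^)]*)\)|([^\s()/]+)(?:/(\S+))?")

def server_banner(payload: bytes):
    """Return the Server header value from a raw HTTP response, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/"):      # not an HTTP response
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":   # header names are case-insensitive
            return value.strip()
    return None

def products(banner: str):
    """Split a banner into (name, version) pairs, skipping comments."""
    return [(m.group(2), m.group(3)) for m in PRODUCT.finditer(banner) if m.group(2)]

def inventory(captures):
    """Map (ip, port) -> set of banners seen from that source endpoint."""
    seen = defaultdict(set)
    for ip, port, payload in captures:
        banner = server_banner(payload)
        if banner is not None:
            seen[(ip, port)].add(banner)
    return dict(seen)

# Constructed sample: (source ip, source port, first bytes of the TCP payload).
SAMPLE = [
    ("192.0.2.10", 80, b"HTTP/1.1 200 OK\r\nDate: Tue, 12 Dec 2000 19:32:06 GMT\r\n"
     b"Server: Apache/1.3.6 (Unix) PHP/3.0.12 mod_ssl/2.3.11 OpenSSL/0.9.4\r\n"
     b"Connection: close\r\n\r\n<html>"),
    ("192.0.2.11", 8080, b"HTTP/1.0 404 Not Found\r\nserver: ExampleHTTPd\r\n\r\n"),
    ("192.0.2.12", 8888, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),  # no Server
    ("192.0.2.13", 23, b"login: "),                                          # not HTTP
]

if __name__ == "__main__":
    for (ip, port), banners in sorted(inventory(SAMPLE).items()):
        for b in sorted(banners):
            print(f"{ip}:{port}  {b}  ->  {products(b)}")
```

Responses on port 443 are encrypted on the wire, so a passive capture yields no Server header for https-only systems.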
