Fingerprint Web Server

Check List

• Determine the version and type of running web server to enable further discovery of any known vulnerabilities.

Cheat Sheet

Banner Grabbing

Netcat

nc -v $WEBSITE 80

Telnet

telnet $WEBSITE 80

Curl

curl -I $WEBSITE

Nmap

nmap -sS -sV --mtu 5000 --script http-methods $WEBSITE

NetCraft

What's that site running?What's that site running? | Netcraft

Dnsdumpster

https://dnsdumpster.com/dnsdumpster.com

Censys

Server Header

services.http.response.headers.server: "nginx"

SSL Certificate SHA-1 Fingerprint

services.tls.certificates.leaf_data.fingerprint_sha1: $HASH

SSL Certificate SHA-256 Fingerprint

services.tls.certificates.leaf_data.fingerprint_sha256: $HASH

Common Name (CN) in SSL Certificate

services.tls.certificates.leaf_data.subject.common_name: "$WEBSITE"

Operating System

services.http.response.headers: (key: "OS" and value.headers: "Linux")

Powered By Header

services.http.response.headers.x_powered_by: "PHP/7.4.9"

WAFW00F

wafw00f $WEBSITE

WhatWaf

whatwaf -u $WEBSITE

WhatWeb

whatweb $WEBSITE

Sn1per

sniper -t $WEBSITE

Arachni

arachni $WEBSITE

Graphw00f

graphw00f -f -t $WEBSITE