From: Nicolas Gregoire (ngregoire@exaprobe.com)
Date: Thu Apr 10 2003 - 04:47:51 EDT
On Wed, 2003-04-09 at 02:57, Rick Hoekman wrote:
> Anyone know if there are tools to fingerprint webservers that do not
> give away their type and version?
>
> As far as I know there is a paper/thesis on one tool called HMAP.pl. You
> can read it here http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf
The hmap code is located at :
http://wwwcsif.cs.ucdavis.edu/~leed/hmap/
For Apache servers, you can use wh_fingerprint :
http://www.whitehatsec.com/presentations/Black_Hat_Singapore_2002/wh_webserver_fingerprinter.tgz
The following page (in French) is a list of applications/OS mappers :
http://www.frbsd.org/fr/Analyseurs/
Regards,
-- Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/ PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F -------------------------------------------------------------- Costs are climbing and complaints are rising as SPAM overloads your e-mail servers and Inboxes SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. http://www.securityfocus.com/SurfControl-pen-test2 Download a free trial and see just what's going in and out of your organization. --------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:32 EDT