httprecon project

advanced web server fingerprinting

"Handy little tool." - patrick, ha.ckers.org comment, HTTP Verb Brute Forcing

The fingerprint online database is always under development and updated. There are 363 different implementations documented. Please choose the series of tests which you would like to list:

Name	Request	Description
get_existing	GET / HTTP/1.1	Legitimate GET request to fetch an existing ressource. Usually the content of the fetched ressource is shown.
get_long	GET /aaa(...) HTTP/1.1	Very long GET request. The ressource should not exist. Most web servers generate an error message.
get_nonexisting	GET /404test.html HTTP/1.1	Common GET request for a non-existing ressource. This usually leads to an 404 error message.
wrong_version	GET / HTTP/9.8	A request with a wrong http version. Most web servers produce an error message.
head_existing	HEAD / HTTP/1.1	Common HEAD request for an existing ressource which should show the common http headers.
delete_existing	DELETE / HTTP/1.1	DELETE request for an existing ressource. Most web servers have this method not activated and will produce an error message.
options	OPTIONS / HTTP/1.1	The OPTIONS method asks the web server for the supported methods which are printed in the Allow line.
wrong_method	TEST / HTTP/1.1	A request with a non-existing method TEST which should produce an error message.
attack_request	GET [attack_request] HTTP/1.1	Common GET request which tries to access an URI which includes well-known attack patterns (e.g. format string, sql injection, cross site scripting).

[upload] [top]