httprecon project

advanced web server fingerprinting

"httprecon is currently one of the best tools for fingerprinting web servers." - Sub-Zero, security-freak.blogspot.com

The fingerprint online database is always under development and updated. There are 363 different implementations documented. Please choose the series of tests which you would like to list:

Name	Request	Description
get_existing	GET / HTTP/1.1	Legitimate GET request to fetch an existing ressource. Usually the content of the fetched ressource is shown.
get_long	GET /aaa(...) HTTP/1.1	Very long GET request. The ressource should not exist. Most web servers generate an error message.
get_nonexisting	GET /404test.html HTTP/1.1	Common GET request for a non-existing ressource. This usually leads to an 404 error message.
wrong_version	GET / HTTP/9.8	A request with a wrong http version. Most web servers produce an error message.
head_existing	HEAD / HTTP/1.1	Common HEAD request for an existing ressource which should show the common http headers.
delete_existing	DELETE / HTTP/1.1	DELETE request for an existing ressource. Most web servers have this method not activated and will produce an error message.
options	OPTIONS / HTTP/1.1	The OPTIONS method asks the web server for the supported methods which are printed in the Allow line.
wrong_method	TEST / HTTP/1.1	A request with a non-existing method TEST which should produce an error message.
attack_request	GET [attack_request] HTTP/1.1	Common GET request which tries to access an URI which includes well-known attack patterns (e.g. format string, sql injection, cross site scripting).

[upload] [top]