"httprecon is currently one of the best tools for fingerprinting web servers." - Sub-Zero, security-freak.blogspot.com
The fingerprint online database is always under development and updated. There are 363 different implementations documented. Please choose the series of tests which you would like to list:
| get_existing | GET / HTTP/1.1 | Legitimate GET request to fetch an existing ressource. Usually the content of the fetched ressource is shown. | | get_long | GET /aaa(...) HTTP/1.1 | Very long GET request. The ressource should not exist. Most web servers generate an error message. | | get_nonexisting | GET /404test.html HTTP/1.1 | Common GET request for a non-existing ressource. This usually leads to an 404 error message. | | wrong_version | GET / HTTP/9.8 | A request with a wrong http version. Most web servers produce an error message. | | head_existing | HEAD / HTTP/1.1 | Common HEAD request for an existing ressource which should show the common http headers. | | delete_existing | DELETE / HTTP/1.1 | DELETE request for an existing ressource. Most web servers have this method not activated and will produce an error message. | | options | OPTIONS / HTTP/1.1 | The OPTIONS method asks the web server for the supported methods which are printed in the Allow line. | | wrong_method | TEST / HTTP/1.1 | A request with a non-existing method TEST which should produce an error message. | | attack_request | GET [attack_request] HTTP/1.1 | Common GET request which tries to access an URI which includes well-known attack patterns (e.g. format string, sql injection, cross site scripting). |
[upload] [top] |