httprecon project
advanced web server fingerprinting
"La herramienta mejorará y hará más eficiente el proceso de enumeración e identificación de objetivos, mediante técnicas de identificación de banners, estado del código y encabezados." - DragoN,
Test: attack_request (GET [attack_request] HTTP/1.1)
Fingerprint: choose the fingerprint

Common GET request which tries to access an URI which includes well-known attack patterns (e.g. format string, sql injection, cross site scripting).

bannerBanner of the web server, which is usually announced within the Server line.
protocol-nameName of the protocol at the beginning of the http header (usually HTTP).
protocol-versionVersion of the http protocol (common are 0.9, 1.0 and 1.1).
statuscodeThree digit status code of the processed request (e.g. 200 or 404).
statustextHuman readable explaination of the status code (e.g. Found or Forbidden).
header-spaceThe use of space characters after the line name.
header-capitalafterdashThe use of a capital letter after a dash within a line name.
header-orderThe order of the header lines within the response.
options-allowedThe announced http methods. Usually printed only in OPTIONS responses or forbidden requests.
options-publicSimilar to options-allowed, the announcement of allowed methods for public use.
options-delimitedThe used delimiter symbol for the listed methods within OPTIONS requests.
etag-legthThe length of the ETag as bytes.
etag-quotesThe use of what kind of quotes around the ETag announcement.
content-typeThe use of which Content-Type within the received response.
accept-rangeThe accepted data range by the web site (usually bytes).
connectionFurther demands for the given and further connections.
cache-controlDemands for the cache controlling by proxies and web browsers.
pragmaFurther details about proxies and cacheing.
vary-orderSet of request-header fields that fully determines if a cache is permitted to use the response.
vary-capitalizeThe use of capitalized letters within the vary definitions.
vary-delimiterDelimiter used to announce the Vary details.
x-powered-byOptional header which announces some additionally installed software packages.
htaccess-realmThe name of the htaccess authentication.

[back] [upload] [top]