httprecon project
advanced web server fingerprinting
Introduction | News | Scan | Download | Documentation | FAQ | Database | Contact
"Marc Ruef developed a new tool to make fingerprinting of web servers much easier. While using different test cases the hard requirements of such an identification can be met much better and more precise." - Martin Rutishauser, OneConsult GmbH, Director Training and Research
Test: wrong_method (TEST / HTTP/1.1)
Fingerprint: choose the fingerprint

A request with a non-existing method TEST which should produce an error message.

NameDescription
bannerBanner of the web server, which is usually announced within the Server line.
protocol-nameName of the protocol at the beginning of the http header (usually HTTP).
protocol-versionVersion of the http protocol (common are 0.9, 1.0 and 1.1).
statuscodeThree digit status code of the processed request (e.g. 200 or 404).
statustextHuman readable explaination of the status code (e.g. Found or Forbidden).
header-spaceThe use of space characters after the line name.
header-capitalafterdashThe use of a capital letter after a dash within a line name.
header-orderThe order of the header lines within the response.
options-allowedThe announced http methods. Usually printed only in OPTIONS responses or forbidden requests.
options-publicSimilar to options-allowed, the announcement of allowed methods for public use.
options-delimitedThe used delimiter symbol for the listed methods within OPTIONS requests.
etag-legthThe length of the ETag as bytes.
etag-quotesThe use of what kind of quotes around the ETag announcement.
content-typeThe use of which Content-Type within the received response.
accept-rangeThe accepted data range by the web site (usually bytes).
connectionFurther demands for the given and further connections.
cache-controlDemands for the cache controlling by proxies and web browsers.
pragmaFurther details about proxies and cacheing.
vary-orderSet of request-header fields that fully determines if a cache is permitted to use the response.
vary-capitalizeThe use of capitalized letters within the vary definitions.
vary-delimiterDelimiter used to announce the Vary details.
x-powered-byOptional header which announces some additionally installed software packages.
htaccess-realmThe name of the htaccess authentication.

[back] [upload] [top]
© 2007-2025 by Marc Ruef