HakTip – Identifying Web Servers

In the Haktip Darren goes over a couple ways to identify web servers from the command line.

 

Wayno from pkill-9 sent this by. Two quick and dirty ways to ID a web server.

First way

curl -I www.hak5.wpengine.com

Should result in

HTTP/1.1 200 OK
Date: Tue, 05 Apr 2011 01:00:09 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/
2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9
Last-Modified: Tue, 05 Apr 2011 00:04:06 GMT
Accept-Ranges: bytes
Content-Length: 66982
X-Pingback: http://www.Hak5.org/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Vary: Accept-Encoding,Cookie
Content-Type: text/html; charset=UTF-8

The second, geekier way is to do it with telnet.

telnet www.hak5.wpengine.com 80
HEAD / HTTP/1.0

Want to share your tips with us? [email protected]

6 Comments

  • Benjamin D.
    Reply

    I just checked my website with curl -l and it returned the complete source code. Is this a security problem?

    Benjamin D.

  • G33k
    Reply

    curl is a nice lil unix-type app, but should be forbiden to be used to access ur webserver hosted site. “.htaccess” comes for help. this lil curl app is not the only crawler out there:( if u dont want to be hacked easy-dont use a lot self ecplainin’ comments in ur website’s source code. also there is is an opensource project called Nessus – check ur web server and website security easy

  • video goof
    Reply

    the vulnerabilities the guy says are for 2.2.15 are already fixed in version 2.2.15 (that’s why the 2.2.15 was released to fix the vulnerabilities that were exploitable in a previous version) deeeeedahhhdeeee

  • Paramotor hang gliders - Paramotoring Gear
    Reply

    I have been surfing online more than 3 hours these days, but I by no means found any interesting article like yours.
    It’s lovely worth enough for me. In my opinion, if all web owners and bloggers made just right content as you did, the
    net will probably be a lot more useful than ever before.

  • pandora jewelry sale
    Reply

    The author’s name is Angelica and he or she feels comfortable when people use complete name.
    Her day job is often a supervisor and it’s also something she really see.
    For years she has been living in Massachusetts but her husband wants for you to move.
    It’s not a common thing but things i like doing is climbing but I’m thinking on starting
    interesting things. Check out the latest news on my website: pandora
    jewelry sale

  • pandora wedding charms
    Reply

    Shante Wyse is my name but it sounds quite good when you say the.
    Arkansas is our birth place. Procuring is how I make an income.
    Coing collecting is the only hobby his wife doesn’t approve involving.
    Check out targeted at low quality news modest website: pandora wedding charms

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>