Learn Skills From Web Server Foot Printing / Banner Grabbing
By performing web server footprinting, you can gather valuable system-level data such as account details, OS, software versions, server names, and database schema details. The Telnet utility can be used to footprint a web server and gather information such as server name, server type, operating systems, applications running, and so on. Web server footprinting tools such as Netcraft, ID Serve, and httprecon can extract information from the target server. Let us look at the features of these tools and the type of information they are able to collect from the target web server.
Web Server Footprinting Tools
Netcat
Source: http://netcat.sourceforge.net
Netcat is a networking utility that reads and writes data across network connections, using the TCP/IP protocol. It is a reliable “back-end” tool used directly or driven by other programs and scripts. It is also a network debugging and exploration tool.
Features:
– Outbound and inbound connections, TCP or UDP, to or from any ports
– Tunneling mode, which allows special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface), and the remote host allowed to connect to the tunnel
– Built-in port-scanning capabilities with randomizer
– Usage options, such as buffered send-mode (one line every N seconds) and hexdump (to stderr or to a specified file) of transmitted and received data
– Optional RFC854 telnet codes parser and responder
Discussed below are commands used to perform banner grabbing (e.g., moviescope.com) to gather information (e.g., server type and version).
Telnet
Source: https://technet.microsoft.com
Telnet is a network protocol. It is widely used on the Internet or LANs. It is a client-server protocol. It provides login sessions for a user on the Internet. A single terminal attached to another computer is emulated with Telnet. The primary security problems with Telnet are the following:
– It doesn’t encrypt any data sent through the connection.
– It lacks an authentication scheme.
Telnet helps the user to perform a banner-grabbing attack. It probes HTTP servers to determine the Server field in the HTTP response header. For instance, to enumerate a host running on HTTP (TCP 80), follow the procedure given below:
- Type GET / HTTP/1.0 and press Enter twice.
The HTTP server responds with the information (see the screenshot in the slide).
Netcraft
Source: https://www.netcraft.com
Netcraft determines the OS of the queried host by looking in detail at the network characteristics of the HTTP response received from the website. Netcraft identifies vulnerabilities in the web server via indirect methods: fingerprinting the OS, the software installed, and the configuration of that software gives enough information to determine whether the server may be vulnerable to an exploit.
httprecon
Source: http://www.computec.ch
httprecon is a tool for advanced web server fingerprinting. It performs banner grabbing attacks, status code enumeration, and header ordering analysis on the target web server, and provides accurate web server fingerprinting information.
httprecon performs the following header analysis test cases on the target web server:
– legitimate GET request for an existing resource
– very long GET request (>1024 bytes in URI)
– common GET request for a non-existing resource
– common HEAD request for an existing resource
– allowed method enumeration with OPTIONS
– usually not permitted http method DELETE
– not defined http method TEST
– non-existing protocol version HTTP/9.8
– GET request including attack patterns (e.g., ../ and %%)
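The Server-field check described under Telnet and the header ordering analysis listed for httprecon, as an added example (not from the original article and not httprecon's own code): a site owner's audit of one response, showing that suppressing banner headers still leaves header order as a signal. The two responses, the product names and both order signatures are constructed for illustration.

```python
import re

# Headers that commonly carry product/version banners.
BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}

# Constructed responses (not captured from any real host). The second is the
# same hypothetical server with its banner headers suppressed.
RESP_VERBOSE = (b"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
                b"Server: ExampleHTTPd/2.4.1 (Unix)\r\nX-Powered-By: ExampleLang/7.2\r\n"
                b"Content-Type: text/html\r\nContent-Length: 0\r\n\r\n")
RESP_HARDENED = (b"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
                 b"Content-Type: text/html\r\nContent-Length: 0\r\n\r\n")

# Hypothetical header-order signatures, invented for this example.
SIGNATURES = {
    "family-A": ["date", "server", "content-type", "content-length"],
    "family-B": ["content-type", "content-length", "server", "date"],
}

def parse_headers(raw):
    """Return (status_line, [(name, value), ...]) in wire order."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status, *lines = head.split("\r\n")
    return status, [tuple(p.strip() for p in l.split(":", 1)) for l in lines if ":" in l]

def banner_findings(headers):
    """Banner headers whose value exposes a version number."""
    return [(n, v) for n, v in headers
            if n.lower() in BANNER_HEADERS and re.search(r"\d+\.\d+", v)]

def order_score(headers, signature):
    """Fraction of header pairs in the same relative order as the signature."""
    names = list(dict.fromkeys(n.lower() for n, _ in headers))
    common = [n for n in names if n in signature]
    pairs = [(a, b) for i, a in enumerate(common) for b in common[i + 1:]]
    if not pairs:
        return 0.0
    return sum(signature.index(a) < signature.index(b) for a, b in pairs) / len(pairs)

def audit(raw):
    """Summarise what a single response discloses."""
    _, headers = parse_headers(raw)
    scores = {fam: order_score(headers, sig) for fam, sig in SIGNATURES.items()}
    best = max(scores, key=scores.get)
    return {"banners": banner_findings(headers), "order_guess": best, "score": scores[best]}

if __name__ == "__main__":
    for label, raw in (("verbose", RESP_VERBOSE), ("hardened", RESP_HARDENED)):
        print(label, audit(raw))
```

The hardened response reports no banners yet still matches the same order signature, which is why banner suppression alone does not defeat fingerprinting.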
ID Serve
Source: https://www.grc.com
ID Serve is a simple Internet server identification utility. Following is a list of its capabilities:
– HTTP Server Identification: ID Serve can identify the make, model, and version of a website’s server software. The server sends this information in the preamble of replies to web queries, but it is not visible to the user.
– Non-HTTP Server Identification: Most non-HTTP (non-web) Internet servers (e.g., FTP, SMTP, POP, and NEWS) are required to transmit a line containing a numeric status code and a human-readable greeting to any connecting client. Therefore, ID Serve can also connect to non-web servers to receive and report the server’s greeting message. This generally reveals the server’s make, model, version, and other potentially useful information.
– Reverse DNS Lookup: When ID Serve users enter a site’s or server’s name or URL, the application will use DNS to determine the IP address for that domain. However, sometimes it is useful to go in the other direction to determine the domain name associated with a known IP address. This process, known as reverse DNS lookup, is also built into ID Serve. ID Serve will attempt to determine the associated domain name for any entered IP address.
Following are some of the additional footprinting tools:
- Recon-ng (https://bitbucket.org)
- Uniscan (https://sourceforge.net)
- SpiderFoot (https://spiderfoot.net)
- httprint (http://www.net-square.com)
- Nmap (https://nmap.org)
- ScanLine (https://www.mcafee.com)
- X probe (https://sourceforge.net)
- P0F (https://github.com)
- Bannergrab (https://sourceforge.net)
- Disco (http://www.altmode.com)
- NetworkMiner (http://www.netresec.com)
Enumerating Web Server Information Using Nmap
Source: https://nmap.org
Nmap, along with the Nmap Scripting Engine, can extract a lot of valuable information from the target web server. In addition to Nmap commands, the Nmap Scripting Engine (NSE) provides scripts that reveal all sorts of useful information to an attacker from the target web server.
An attacker uses the following Nmap commands and NSE scripts to extract information:
Discover virtual domains with hostmap
nmap --script hostmap <host>
Detect a vulnerable server that uses the TRACE method
nmap --script http-trace -p80 localhost
Harvest email accounts with http-google-email
nmap --script http-google-email <host>
Enumerate users with http-userdir-enum
nmap -p80 --script http-userdir-enum localhost
Detect HTTP TRACE
nmap -p80 --script http-trace <host>
Enumerate common web applications
nmap --script http-enum -p80 <host>
Obtain robots.txt
nmap -p80 --script http-robots.txt <host>
Below are some of the additional Nmap commands used to extract information:
– nmap -sV -O -p <port> <target IP address>
– nmap -sV --script=http-enum <target IP address>
– nmap <target IP address> -p 80 --script=http-frontpage-login
– nmap --script http-passwd --script-args http-passwd.root=/ <target IP address>
Website Mirroring
Website mirroring copies a whole website and its content onto the local drive. The mirrored website reveals the complete profile of the site’s directory structure, file structure, external links, images, web pages, and so on. With a mirrored target website, an attacker can easily map out the website’s directories and gain valuable information. An attacker who copies the website does not need to be online to go through it and can examine it at any time. The attacker can gain valuable information by searching the comments and other items within the HTML source code of the downloaded pages. There are many website mirroring tools available to copy a target website onto a local drive, such as HTTrack, WebCopier Pro, Website Ripper Copier, GNU Wget, and so on.
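Because comments and other source-level items are readable in any mirrored copy, a site owner can check their own pages for them before publishing. The following is an added example, not part of the original article; the sample page, the pattern list and the names `SourceAudit` and `audit_html` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Illustrative patterns for text that should not ship in public HTML.
RISKY = {
    "credential": re.compile(r"(password|passwd|api[_-]?key|secret)\s*[:=]", re.I),
    "internal host": re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"),
    "note": re.compile(r"\b(todo|fixme|debug|staging)\b", re.I),
}

# Constructed sample page, not taken from any real site.
PAGE = """<html><head><title>Shop</title>
<!-- TODO: remove test account before launch -->
</head><body>
<!-- db host 10.0.3.7, password = changeme -->
<form><input type="hidden" name="debug" value="1"></form>
<!-- navigation -->
</body></html>"""

class SourceAudit(HTMLParser):
    """Collects (line, label, text) for risky comments and hidden form fields."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        line = self.getpos()[0]          # line where the comment starts
        text = " ".join(data.split())    # collapse whitespace for reporting
        for label, rx in RISKY.items():
            if rx.search(text):
                self.findings.append((line, label, text))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.findings.append(
                (self.getpos()[0], "hidden field", f"{a.get('name')}={a.get('value')}"))

def audit_html(html):
    """Return all findings for one HTML document, in document order."""
    parser = SourceAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for line, label, text in audit_html(PAGE):
        print(f"line {line}: {label}: {text}")
```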
HTTrack
Source: https://www.httrack.com
HTTrack is an offline browser utility. It downloads a website from the Internet to a local directory, building all directories recursively, getting HTML, images, and other files from the server. HTTrack arranges the original site’s relative link-structure. Simply open a page of the “mirrored” website in a browser and browse the site from link to link, as if viewing it online.
Following are some of the additional website mirroring tools:
– WebCopier Pro (http://www.maximumsoft.com)
– Website Ripper Copier (http://www.tensons.com)
– GNU Wget (https://www.gnu.org)
– Getleft (https://sourceforge.net)
– OfflineDownloader (http://www.offlinedownloader.com)
– WebRipper (http://visualwebripper.com)
– SurfOffline (http://surfoffline.com)
– NCollector Studio (http://www.calluna-software.com)
– Portable Offline Browser (http://www.metaproducts.com)
– Backstreet Browser (http://www.spadixbd.com)
– Offline Explorer Enterprise (http://www.metaproducts.com)
– Teleport Pro (http://www.tenmax.com)
– Hooeey Webprint (http://www.hooeeywebprint.com)
– Visual SEO Studio (https://visual-seo.com)
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com
These are really fantastic ideas in concerning blogging.
You have touched some fastidious points here.
Anyway keep up writing.