Fingerprint / Identify Remote Web Server

on January 28, 2008 · 8 comments · LAST UPDATED January 28, 2008

Q. How do I fingerprint or identify a remote web server from a UNIX / Linux shell prompt?

A. You can use standard utilities such as:
a) telnet command
b) curl command

telnet - Identify remote web server

Use telnet to connect to the remote web server's HTTP port; enter:
$ telnet www.vivekgite.com www
Output:

Trying 74.86.49.130...
Connected to www.vivekgite.com.
Escape character is '^]'.

To request the response headers, enter the following command and hit the [ENTER] key twice:
HEAD / HTTP/1.0
Output:

HTTP/1.0 200 OK
Connection: close
X-Pingback: http://www.cyberciti.biz/tips/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Date: Mon, 28 Jan 2008 08:50:55 GMT
Server: lighttpd
Connection closed by foreign host.

curl - Identify remote web server

Type the command as follows:
$ curl -I http://www.remote-server.com/
$ curl -I http://vivekgite.com/

Output:

HTTP/1.1 200 OK
Content-type: text/html
Content-Length: 0
Date: Mon, 28 Jan 2008 08:53:54 GMT
Server: lighttpd
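
An added example, not part of the original article: a small shell filter for checking what your own server's response headers disclose, run here on the HEAD response shown in the telnet section. The function names and the list of headers treated as identifying are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original article): audit which response headers
# identify the server software. Reads a raw HTTP header block on stdin.

# Print "name: value" for every header that commonly identifies software.
# The header list is an assumption of this example, not an exhaustive set.
disclosing_headers() {
    tr -d '\r' | awk -F': *' '
        NR == 1 { next }                       # skip the status line
        /^$/    { exit }                       # blank line ends the headers
        {
            name = tolower($1)
            if (name == "server" || name == "x-powered-by" ||
                name == "x-pingback" || name == "via" ||
                name == "x-aspnet-version") {
                value = substr($0, index($0, ":") + 1)
                sub(/^ +/, "", value)
                print name ": " value
            }
        }'
}

# Exit 0 if the Server header carries a version number (e.g. "Apache/2.2.3"),
# exit 1 if it is absent or names the product only (e.g. "lighttpd").
server_has_version() {
    disclosing_headers | grep -Eq '^server: .*[0-9]+\.[0-9]+'
}

# Constructed sample: the HEAD response shown in the telnet session above.
SAMPLE='HTTP/1.0 200 OK
Connection: close
X-Pingback: http://www.cyberciti.biz/tips/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Date: Mon, 28 Jan 2008 08:50:55 GMT
Server: lighttpd'

printf '%s\n' "$SAMPLE" | disclosing_headers
```

To check a live server you administer, pipe the output of `curl -sI` into `disclosing_headers` instead of the sample.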

{ 8 comments… read them below or add one }

1 Exoloiter February 3, 2008 at 3:57 am

Use Hmap for linux users


2 srinivas December 7, 2009 at 9:25 am

WOW! telnet works most of the time.

Does anyone know how I can block such requests that give away important info about my server, as I believe that would usually be the first place to start a hack or attack.


3 Kannan August 2, 2012 at 5:46 pm

This method of identifying the webserver will rarely work unfortunately as the remote web server host should have a telnet server running on it. Most of them will have it disabled and Windows 7 has it disabled by default. So you’ll get this error “Could not open connection to the host, on port 23” mostly.


4 Danny November 2, 2012 at 4:31 pm

You’re wrong. The “www” on the end means connect on port 80.


5 Kannan November 2, 2012 at 8:47 pm

Actually was trying from Windows from a web server that I have access to. Yes, if you add www it forces to check on port 80 instead of 23 (default). But still you need to have telnet server running which is disabled typically … So you get no response.

But I get a LISTENING response with Microsoft’s portqry.exe on port 80.


6 Rob October 27, 2014 at 2:08 pm

Nope, you don’t need to have a telnet server running.

If a web server is running on port 80 and you telnet to port 80 you will see the response the server gives. If you took that telnet client and built an html parser and a UI around it you will have built a browser.

Now telnet to port 25 on a mail server and start sending it an email. ….See where it goes?


7 Bernd November 8, 2012 at 6:15 pm
8 Harry July 11, 2013 at 2:20 pm

besides the fact that all on this site has NOTHING to do with FINGERPRINTING because I can let respond my server whatever I want in the Server-header or strip it completely – fingerprinting is analyze the headers, the order of the headers and so on

> if you add www it forces to check on port 80 instead of 23 (default).
> But still you need to have telnet server running which is disabled typically

stop this idiotic bullshit if you have no plan of TCP basics
telnet is a raw TCP tool and the telnet client connects to the WEBSERVER
NOBODY needs to run a telnetserver DAMNED, nowhere

boy look here how admins are working daily with the telnet CLIENT
http://workaround.org/ispmail/lenny/test-mail-through-telnet
