Q. How do I fingerprint or identify remove web server a from UNIX / Linux shell prompt?
A. You can use standard utilities such as
a) telnet command
b) curl command
telnet - Identify remote web server
Use telnet to connect to remove web server, enter
$ telnet www.vivekgite.com www
Output:
Trying 74.86.49.130... Connected to www.vivekgite.com. Escape character is '^]'.
Request header, enter the following command and hit [ENTER] key twice:
HEAD / HTTP/1.0
Output:
HTTP/1.0 200 OK
Connection: close
X-Pingback: http://www.cyberciti.biz/tips/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Date: Mon, 28 Jan 2008 08:50:55 GMT
Server: lighttpd
Connection closed by foreign host.curl - Identify remote web server
Type the command as follows:
$ curl -I http://www.remote-server.com/
$ curl -I http://vivekgite.com/
Output:
HTTP/1.1 200 OK
Content-type: text/html
Content-Length: 0
Date: Mon, 28 Jan 2008 08:53:54 GMT
Server: lighttpd 
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 6 comments… read them below or add one }
Use Hmap for linux users
WOW! telnet works most of the time.
does anyone know how I can block suck requests that give away important info about my server, as I believe that would usually be the first place to start a hack or attack.
This method of identifying the webserver will rarely work unfortunately as the remote web server host should have a telnet server running on it. Most of them will have it disabled and Windows 7 has it disabled by default. So you’ll get this error “Could not open connection to the host, on port 23″ mostly.
You’re wrong. the “www’ on the end means connect on port 80.
Actually was trying from Windows from a web server that I have access to. Yes, if you add www it forces to check on port 80 instead of 23 (default). But still you need to have telnet server running which is disabled typically … So you get no response.
But I get a LISTENING response with Microsoft’s portqry.exe on port 80.
See this url